Security Operations


Alerting and Detection Strategies Framework

A framework for improving detection strategies and alert efficacy.

nyx Threat Intelligence artifact distribution

nyx is a threat intelligence artifact distribution system that facilitates the sharing of threat intelligence indicators from various sources to defensive security systems with configurable criticality levels.

Metasploit Unleashed

Free online ethical hacking course covering penetration testing, web app assessments, exploit development, and security operations.

Enterprise Detection & Response: A Simple Hunting Maturity Model

A simple maturity model for enterprise detection and response.

SOARCA

SOARCA is an open-source SOAR platform that automates security incident response workflows using standardized CACAOv2 playbooks and multiple integration interfaces.

AfterGlow Cloud

AfterGlow Cloud is a Django-based web application that allows users to upload data and generate graph visualizations through a browser interface.

BlueTeam.Lab

BlueTeam.Lab provides Terraform and Ansible scripts to deploy an orchestrated detection laboratory for testing attacks and forensic artifacts in a SOC-like Windows environment.

Cybereason Defense Platform

Unified defense platform providing endpoint protection, extended detection and response, threat hunting, and digital forensics and incident response.

CrowdStrike Falcon Orchestrator

A Windows-based workflow automation and case management application that integrates with CrowdStrike Falcon APIs to streamline security operations and incident response processes.

Cortex XSOAR Platform - Content Repository

A content repository for Cortex XSOAR that provides playbooks, automation scripts, and templates for security operations automation and orchestration.

ThreatNote

ThreatNote is a threat intelligence platform that provides real-time updates on emerging cybersecurity threats, vulnerabilities, and attack vectors to help organizations enhance their security posture.

Microsoft Sentinel and Microsoft 365 Defender

Unified repository for Microsoft Sentinel and Microsoft 365 Defender containing security content, detections, queries, playbooks, and resources to secure environments and hunt for threats.

visualize_logs

A Python library and command line tool that creates interactive visualizations for log data analysis with zoom and navigation capabilities.

Open Cybersecurity Schema Framework

A framework for creating standardized cybersecurity event schemas in JSON format that enables interoperability across security tools and platforms.

AWS IR

AWS IR is a Python command line utility for automated incident response and mitigation of instance and key compromises in Amazon Web Services environments.

Substation

A cloud-native, event-driven data pipeline toolkit for security teams that processes and routes data across AWS services with custom formatting and API enrichment capabilities.

Unfetter

Unfetter is a reference implementation framework that collects events from client machines and performs CAR analytics using an ELK stack with Apache Spark to detect potential adversary activity.

FIR (Fast Incident Response)

FIR is a Python-based cybersecurity incident management platform designed for CSIRTs, CERTs, and SOCs to create, track, and report security incidents.

Shuffle Automation

Shuffle Automation is an accessible automation platform that provides workflow automation capabilities for security operations with both self-hosted and cloud deployment options.

IRIS-SOAR

IRIS-SOAR is a Python-based modular SOAR platform that automates security incident response workflows and integrates with DFIR-IRIS for enhanced digital forensics operations.

Matano Open Source Security Data Lake

An open source cloud-native security data lake platform for AWS that normalizes security logs into structured data with Detection-as-Code capabilities and vendor-neutral storage using open standards.

HpfeedsHoneyGraph

HpfeedsHoneyGraph is a visualization application that creates graphical representations of hpfeeds logs to aid cybersecurity analysis of honeypot data.

GOSINT

An open source threat intelligence gathering and processing framework.

Weave Scope

Weave Scope is a real-time visualization and monitoring tool that automatically maps Docker container infrastructures and microservices, providing interactive topology views and direct container management capabilities.
