Explore 51 curated tools and resources
Application monitoring and security platform that provides runtime visibility, threat detection, and automated response capabilities for application-layer security
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Anvilogic is a SIEM platform that streamlines detection engineering, offers cost-effective data management, and enhances threat detection capabilities.
LogRhythm NetMon is a network traffic analytics tool that provides real-time visibility, automated threat detection, and investigation capabilities for organizational networks.
LogRhythm SIEM is a comprehensive security information and event management platform that collects, analyzes, and responds to security events across an organization's IT infrastructure.
Exabeam Security Operations Platform is a cloud-native security platform that applies AI and automation to security operations workflows for threat detection, investigation, and response.
Akamai Hunt is a managed threat hunting service that detects and remediates evasive security risks in network environments using data analysis, AI, and expert investigation.
Akamai Guardicore Segmentation is a microsegmentation tool that provides network visibility, policy creation, and enforcement to prevent lateral movement and protect critical assets in diverse IT environments.
Vectra AI offers an AI-driven Attack Signal Intelligence platform that uses advanced machine learning to detect and respond to cyber threats across hybrid cloud environments.
Darktrace is a cyber security solution that uses AI to detect and prevent cyber attacks in real time.
A tool for collecting and analyzing screenshots from remote desktop protocols, web applications, and VNC connections.
A collection of YARA rules for Windows, Linux, and other threats.
An open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers.
A free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing, utilizing Message Query Language (MQL) for behavior description.
Repository of YARA rules for identifying and classifying malware.
Cloud-based virus scan APIs for securing files, URLs, and content uploads with advanced anti-virus and malware scanning capabilities.
MetaDefender Cloud offers advanced threat prevention using technologies like Multiscanning, Deep CDR, and Sandbox.
A set of Bro/Zeek scripts that detect ATT&CK-based adversarial activity and raise notices
A runtime threat management and attack path enumeration tool for cloud-native environments
A tool for identifying and analyzing Java serialized objects in network traffic
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
A collection of YARA rules for public use, built from intelligence profiles and file work.
YARA rules for ProcFilter to detect malware and threats
Comprehensive cybersecurity platform for hybrid and multi-cloud environments
Free tools for the CrowdStrike customer community to support their use of the Falcon platform.
A honeypot system designed to detect and analyze potential security threats
A powerful tool for analyzing and visualizing system activity timelines.
A crawler-based low-interaction client honeypot for exposing website threats.
Repository of automatically generated YARA rules from Malpedia's YARA-Signator with detailed statistics.
A honeypot agent for running honeypots with service and data at threatwar.com.
A curated collection of Sigma and YARA rules and Indicators of Compromise (IOCs) for threat detection and malware identification.
Real-time, container-based file scanning system for threat hunting and incident response.
Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.
CINSscore.com provides a threat intelligence database with accurate IP scores and collective defense through community- and Sentinel IPS unit-sourced data.
IBM QRadar is a SIEM solution for real-time threat detection.
Open-source rules for detecting and preventing email attacks like BEC, malware, and credential phishing.
Collects and organizes Linux OS data for detailed analysis and incident response.
Official repository of YARA rules for threat detection and hunting
Comprehensive endpoint protection solution providing advanced threat detection, proactive defense, and efficient management.
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.
PolySwarm is a malware intelligence marketplace that aggregates threat detection engines to provide early detection, unique samples, and higher accuracy.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.
Suricata offers real-time intrusion detection, intrusion prevention, and network monitoring.
A printer honeypot PoC that simulates a printer on a network to detect and analyze potential attackers.
Repository of plugins for the Honeycomb honeypot framework
Amazon GuardDuty is a threat detection service for AWS accounts.
High-performance remote packet capture and collection tool used for forensic analysis in cloud workloads.
IT Security Guru provides up-to-date news and expert insights on a wide range of cybersecurity topics.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real time.
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.