Threat Detection
Explore 99 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
ZeroFox Platform is a unified external cybersecurity solution that helps organizations identify, monitor, and remediate threats across social media, surface web, deep web, and dark web environments.
ZeroFox Platform is a unified external cybersecurity solution that helps organizations identify, monitor, and remediate threats across social media, surface web, deep web, and dark web environments.
Infoblox Threat Defense is a DNS-layer security solution that detects and blocks threats across hybrid and multi-cloud environments by monitoring DNS traffic and leveraging threat intelligence.
Infoblox Threat Defense is a DNS-layer security solution that detects and blocks threats across hybrid and multi-cloud environments by monitoring DNS traffic and leveraging threat intelligence.
A cyber threat intelligence platform that provides actionable insights from adversarial sources to help organizations proactively detect and mitigate emerging threats.
A cyber threat intelligence platform that provides actionable insights from adversarial sources to help organizations proactively detect and mitigate emerging threats.
Silent Push Platform provides preemptive cyber defense by identifying malicious infrastructure before attacks are launched using Indicators of Future Attack (IOFA)™ technology.
Silent Push Platform provides preemptive cyber defense by identifying malicious infrastructure before attacks are launched using Indicators of Future Attack (IOFA)™ technology.
HYAS Insight is a threat intelligence platform that provides infrastructure intelligence and cyber threat hunting capabilities for security operations, fraud investigations, and adversary profiling.
HYAS Insight is a threat intelligence platform that provides infrastructure intelligence and cyber threat hunting capabilities for security operations, fraud investigations, and adversary profiling.
Darkscope is an AI-powered threat intelligence platform that uses virtual personas to monitor the dark web, social media, and deep web for cyber threats and security risks targeting organizations.
Darkscope is an AI-powered threat intelligence platform that uses virtual personas to monitor the dark web, social media, and deep web for cyber threats and security risks targeting organizations.
GroupSense Digital Risk Protection Services provides curated threat intelligence and attack surface monitoring through their Tracelight platform to help organizations prioritize and mitigate cyber threats.
GroupSense Digital Risk Protection Services provides curated threat intelligence and attack surface monitoring through their Tracelight platform to help organizations prioritize and mitigate cyber threats.
Zero Day Live is a threat intelligence platform that provides early detection of malware and zero-day vulnerabilities through a proprietary sensor network processing over 1 billion data points.
Zero Day Live is a threat intelligence platform that provides early detection of malware and zero-day vulnerabilities through a proprietary sensor network processing over 1 billion data points.
A cloud-delivered security service edge solution that integrates ZTNA, CASB, SWG, DLP, and other security capabilities within a unified platform built on Zero Trust principles.
A cloud-delivered security service edge solution that integrates ZTNA, CASB, SWG, DLP, and other security capabilities within a unified platform built on Zero Trust principles.
WithSecure Elements Cloud is a modular cybersecurity platform that combines AI-powered software and expert services to provide comprehensive protection across endpoints, identities, and cloud environments.
WithSecure Elements Cloud is a modular cybersecurity platform that combines AI-powered software and expert services to provide comprehensive protection across endpoints, identities, and cloud environments.
A cloud-based web application firewall that protects applications from various cyber threats through rule-based filtering, machine learning detection, and integrated security features.
A cloud-based web application firewall that protects applications from various cyber threats through rule-based filtering, machine learning detection, and integrated security features.
An enterprise cybersecurity platform that unifies endpoint, cloud, and identity security through an integrated data lake architecture with AI-powered analysis capabilities.
An enterprise cybersecurity platform that unifies endpoint, cloud, and identity security through an integrated data lake architecture with AI-powered analysis capabilities.
A network detection and response solution that uses AI and machine learning to monitor network traffic, identify malicious behavior, and connect related security events to reveal attack patterns without requiring endpoint agents.
A network detection and response solution that uses AI and machine learning to monitor network traffic, identify malicious behavior, and connect related security events to reveal attack patterns without requiring endpoint agents.
A security information and event management solution that collects, normalizes, and analyzes log data from across an organization's infrastructure to enhance threat detection and compliance reporting.
A security information and event management solution that collects, normalizes, and analyzes log data from across an organization's infrastructure to enhance threat detection and compliance reporting.
A network detection and response platform that combines AI-driven behavioral analytics with collaborative threat intelligence sharing across organizations to provide early warning of cyber attacks.
A network detection and response platform that combines AI-driven behavioral analytics with collaborative threat intelligence sharing across organizations to provide early warning of cyber attacks.
MX Layer is a cloud-based email security platform that protects organizations against email threats through filtering, archiving, compliance, and data leak prevention capabilities.
MX Layer is a cloud-based email security platform that protects organizations against email threats through filtering, archiving, compliance, and data leak prevention capabilities.
A next-generation intrusion prevention system that combines signature-based and behavioral detection techniques to identify and block sophisticated network threats across hybrid environments.
A next-generation intrusion prevention system that combines signature-based and behavioral detection techniques to identify and block sophisticated network threats across hybrid environments.
A phishing detection and response platform that combines human intelligence from millions of trained employees with AI/ML to identify and remediate email threats that bypass traditional security gateways.
A phishing detection and response platform that combines human intelligence from millions of trained employees with AI/ML to identify and remediate email threats that bypass traditional security gateways.
A security analytics platform that integrates with Google Chronicle to deliver Autonomic Security Operations through data engineering, detection engineering, and response engineering.
A security analytics platform that integrates with Google Chronicle to deliver Autonomic Security Operations through data engineering, detection engineering, and response engineering.
BitLyft AIR Platform is a managed detection and response solution that combines AI-driven security monitoring with human expertise to provide comprehensive threat detection and incident response services.
BitLyft AIR Platform is a managed detection and response solution that combines AI-driven security monitoring with human expertise to provide comprehensive threat detection and incident response services.
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
InSights by InQuest is a threat intelligence platform that delivers curated feeds of IOCs and C2 information to help security teams detect and respond to emerging threats.
InSights by InQuest is a threat intelligence platform that delivers curated feeds of IOCs and C2 information to help security teams detect and respond to emerging threats.
A digital risk protection platform that combines threat intelligence, dark web monitoring, attack surface management, brand protection, and supply chain intelligence to detect and respond to external cyber threats.
A digital risk protection platform that combines threat intelligence, dark web monitoring, attack surface management, brand protection, and supply chain intelligence to detect and respond to external cyber threats.
A threat exposure management platform that monitors clear and dark web environments to detect and provide actionable intelligence on potential security threats like data leaks, credentials, and malicious actor activities.
A threat exposure management platform that monitors clear and dark web environments to detect and provide actionable intelligence on potential security threats like data leaks, credentials, and malicious actor activities.
A GenAI-powered security platform that integrates endpoint, email, network, data, cloud, and security operations capabilities for comprehensive threat detection and response.
A GenAI-powered security platform that integrates endpoint, email, network, data, cloud, and security operations capabilities for comprehensive threat detection and response.
Reveelium UEBA is a French-developed User and Entity Behavior Analytics solution that uses artificial intelligence to detect abnormal behaviors and security threats by analyzing user and entity activities within an organization's network.
Reveelium UEBA is a French-developed User and Entity Behavior Analytics solution that uses artificial intelligence to detect abnormal behaviors and security threats by analyzing user and entity activities within an organization's network.
A unified data security platform that discovers, classifies, monitors, and protects sensitive data across cloud, SaaS, and on-premises environments while ensuring compliance and automating security processes.
A unified data security platform that discovers, classifies, monitors, and protects sensitive data across cloud, SaaS, and on-premises environments while ensuring compliance and automating security processes.
A free online service that scans the dark web for exposed credentials and sensitive data associated with specific domains or email addresses.
A free online service that scans the dark web for exposed credentials and sensitive data associated with specific domains or email addresses.
A threat intelligence platform that collects, analyzes, and operationalizes threat data from multiple sources to help organizations identify and respond to security threats.
A threat intelligence platform that collects, analyzes, and operationalizes threat data from multiple sources to help organizations identify and respond to security threats.
PAGO Networks delivers AI-powered managed security services including MDR, integrated EPP/EDR, dark web monitoring, Open XDR, and OT-oriented endpoint protection.
PAGO Networks delivers AI-powered managed security services including MDR, integrated EPP/EDR, dark web monitoring, Open XDR, and OT-oriented endpoint protection.
SafeLine WAF is an open-source web application firewall that protects web services by filtering malicious HTTP traffic through intelligent semantic analysis and machine learning-based detection.
SafeLine WAF is an open-source web application firewall that protects web services by filtering malicious HTTP traffic through intelligent semantic analysis and machine learning-based detection.
An email security platform that combines human intelligence from millions of trained employees with AI/ML to detect, report, analyze, and remediate phishing attacks that bypass traditional security gateways.
An email security platform that combines human intelligence from millions of trained employees with AI/ML to detect, report, analyze, and remediate phishing attacks that bypass traditional security gateways.
JustGuard is a cybersecurity platform that detects and takes down phishing attacks before they can harm businesses or their customers.
JustGuard is a cybersecurity platform that detects and takes down phishing attacks before they can harm businesses or their customers.
FortiMail is an email security solution that protects organizations against phishing, ransomware, zero-day attacks, and business email compromise through multi-layered detection and prevention capabilities.
FortiMail is an email security solution that protects organizations against phishing, ransomware, zero-day attacks, and business email compromise through multi-layered detection and prevention capabilities.
A threat intelligence platform that provides comprehensive visibility into an organization's attack surface by collecting, analyzing, and structuring threat data to enable proactive security measures against emerging threats.
A threat intelligence platform that provides comprehensive visibility into an organization's attack surface by collecting, analyzing, and structuring threat data to enable proactive security measures against emerging threats.
A cloud-based email security solution from Cloudflare designed to protect organizations from email-based threats and attacks.
A cloud-based email security solution from Cloudflare designed to protect organizations from email-based threats and attacks.
A security solution that protects email and collaboration tools in Microsoft 365 environments against advanced threats including phishing, business email compromise, ransomware, and malware.
A security solution that protects email and collaboration tools in Microsoft 365 environments against advanced threats including phishing, business email compromise, ransomware, and malware.
An AI-powered email security platform that provides multi-layered protection against phishing, malware, and other email-based threats through various deployment options.
An AI-powered email security platform that provides multi-layered protection against phishing, malware, and other email-based threats through various deployment options.
A security operations platform that provides automated threat detection, access control, and protection against various online attacks through Cloudflare integration.
A security operations platform that provides automated threat detection, access control, and protection against various online attacks through Cloudflare integration.
A cloud-native application protection platform that provides comprehensive security monitoring, vulnerability management, and threat detection for cloud environments and container workloads.
A cloud-native application protection platform that provides comprehensive security monitoring, vulnerability management, and threat detection for cloud environments and container workloads.
An enterprise API security platform that combines API discovery, protection, testing, and monitoring capabilities with contextual analysis for comprehensive API ecosystem security.
An enterprise API security platform that combines API discovery, protection, testing, and monitoring capabilities with contextual analysis for comprehensive API ecosystem security.
A mapping tool that correlates MITRE ATT&CK techniques with atomic tests and detection rules to analyze security detection coverage.
A mapping tool that correlates MITRE ATT&CK techniques with atomic tests and detection rules to analyze security detection coverage.
A threat intelligence platform that monitors, analyzes, and provides detailed information about threat actors targeting non-human identities across various industries.
A threat intelligence platform that monitors, analyzes, and provides detailed information about threat actors targeting non-human identities across various industries.
A security platform that automates the deployment and management of security canaries across cloud infrastructure to detect potential intrusions and unauthorized access.
A security platform that automates the deployment and management of security canaries across cloud infrastructure to detect potential intrusions and unauthorized access.
A threat intelligence and vulnerability monitoring platform that aggregates security alerts from trusted sources and provides customizable monitoring and notification capabilities.
A threat intelligence and vulnerability monitoring platform that aggregates security alerts from trusted sources and provides customizable monitoring and notification capabilities.
A newsletter service that tracks and reports weekly changes in detection engineering rules and updates across multiple GitHub repositories.
A newsletter service that tracks and reports weekly changes in detection engineering rules and updates across multiple GitHub repositories.
Application monitoring and security platform that provides runtime visibility, threat detection, and automated response capabilities for application-layer security
Application monitoring and security platform that provides runtime visibility, threat detection, and automated response capabilities for application-layer security
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Anvilogic is a SIEM platform that streamlines detection engineering, offers cost-effective data management, and enhances threat detection capabilities.
Anvilogic is a SIEM platform that streamlines detection engineering, offers cost-effective data management, and enhances threat detection capabilities.
LogRhythm NetMon is a network traffic analytics tool that provides real-time visibility, automated threat detection, and investigation capabilities for organizational networks.
LogRhythm NetMon is a network traffic analytics tool that provides real-time visibility, automated threat detection, and investigation capabilities for organizational networks.
LogRhythm SIEM is a comprehensive security information and event management platform that collects, analyzes, and responds to security events across an organization's IT infrastructure.
LogRhythm SIEM is a comprehensive security information and event management platform that collects, analyzes, and responds to security events across an organization's IT infrastructure.
Exabeam Security Operations Platform is a cloud-native security platform that applies AI and automation to security operations workflows for threat detection, investigation, and response.
Exabeam Security Operations Platform is a cloud-native security platform that applies AI and automation to security operations workflows for threat detection, investigation, and response.
Akamai Hunt is a managed threat hunting service that detects and remediates evasive security risks in network environments using data analysis, AI, and expert investigation.
Akamai Hunt is a managed threat hunting service that detects and remediates evasive security risks in network environments using data analysis, AI, and expert investigation.
Akamai Guardicore Segmentation is a microsegmentation tool that provides network visibility, policy creation, and enforcement to prevent lateral movement and protect critical assets in diverse IT environments.
Akamai Guardicore Segmentation is a microsegmentation tool that provides network visibility, policy creation, and enforcement to prevent lateral movement and protect critical assets in diverse IT environments.
Vectra AI offers an AI-driven Attack Signal Intelligence platform that uses advanced machine learning to detect and respond to cyber threats across hybrid cloud environments.
Vectra AI offers an AI-driven Attack Signal Intelligence platform that uses advanced machine learning to detect and respond to cyber threats across hybrid cloud environments.
Darktrace is a cyber security solution that uses AI to detect and prevent cyber attacks in real-time.
Darktrace is a cyber security solution that uses AI to detect and prevent cyber attacks in real-time.
A tool for collecting and analyzing screenshots from remote desktop protocols, web applications, and VNC connections.
A tool for collecting and analyzing screenshots from remote desktop protocols, web applications, and VNC connections.
A collection of YARA rules for Windows, Linux, and Other threats.
An Open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers.
A free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing, utilizing Message Query Language (MQL) for behavior description.
A free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing, utilizing Message Query Language (MQL) for behavior description.
Repository of YARA rules for identifying and classifying malware.
Cloud-based virus scan APIs for securing files, URLs, and content uploads with advanced anti-virus and malware scanning capabilities.
Cloud-based virus scan APIs for securing files, URLs, and content uploads with advanced anti-virus and malware scanning capabilities.
A lightweight malware detection and removal tool that provides real-time protection against complex attacks while preserving system resources.
A lightweight malware detection and removal tool that provides real-time protection against complex attacks while preserving system resources.
MetaDefender Cloud offers advanced threat prevention using technologies like Multiscanning, Deep CDR, and Sandbox.
MetaDefender Cloud offers advanced threat prevention using technologies like Multiscanning, Deep CDR, and Sandbox.
A set of Bro/Zeek scripts that detect ATT&CK-based adversarial activity and raise notices
A set of Bro/Zeek scripts that detect ATT&CK-based adversarial activity and raise notices
A runtime threat management and attack path enumeration tool for cloud-native environments
A runtime threat management and attack path enumeration tool for cloud-native environments
A tool for identifying and analyzing Java serialized objects in network traffic
A tool for identifying and analyzing Java serialized objects in network traffic
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
A collection of YARA rules for public use, built from intelligence profiles and file work.
A collection of YARA rules for public use, built from intelligence profiles and file work.
YARA rules for ProcFilter to detect malware and threats
YARA rules for ProcFilter to detect malware and threats
Comprehensive cybersecurity platform for hybrid and multi-cloud environments
Comprehensive cybersecurity platform for hybrid and multi-cloud environments
A cross-platform network detection tool that identifies Responder presence by sending LLMNR queries for non-existent hostnames.
A cross-platform network detection tool that identifies Responder presence by sending LLMNR queries for non-existent hostnames.
Free tools for the CrowdStrike customer community to support their use of the Falcon platform.
Free tools for the CrowdStrike customer community to support their use of the Falcon platform.
A honeypot system designed to detect and analyze potential security threats
A honeypot system designed to detect and analyze potential security threats
A powerful tool for analyzing and visualizing system activity timelines.
A powerful tool for analyzing and visualizing system activity timelines.
A crawler-based low-interaction client honeypot for exposing website threats.
A crawler-based low-interaction client honeypot for exposing website threats.
Repository of automatically generated YARA rules from Malpedia's YARA-Signator with detailed statistics.
Repository of automatically generated YARA rules from Malpedia's YARA-Signator with detailed statistics.
A honeypot agent for running honeypots with service and data at threatwar.com.
A honeypot agent for running honeypots with service and data at threatwar.com.
A curated collection of Sigma & Yara rules and Indicators of Compromise (IOCs) for threat detection and malware identification.
A curated collection of Sigma & Yara rules and Indicators of Compromise (IOCs) for threat detection and malware identification.
Real-time, container-based file scanning system for threat hunting and incident response.
Real-time, container-based file scanning system for threat hunting and incident response.
KFSensor is an advanced Windows honeypot system for detecting hackers and worms by simulating vulnerable system services.
Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.
Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.
CINSscore.com provides Threat Intelligence database with accurate IP scores and collective defense through community and Sentinel IPS unit sourced data.
CINSscore.com provides Threat Intelligence database with accurate IP scores and collective defense through community and Sentinel IPS unit sourced data.
IBM QRadar is a SIEM solution for real-time threat detection.
Open-source rules for detecting and preventing email attacks like BEC, malware, and credential phishing.
Open-source rules for detecting and preventing email attacks like BEC, malware, and credential phishing.
Collects and organizes Linux OS data for detailed analysis and incident response.
Collects and organizes Linux OS data for detailed analysis and incident response.
Official repository of YARA rules for threat detection and hunting
Official repository of YARA rules for threat detection and hunting
Comprehensive endpoint protection solution providing advanced threat detection, proactive defense, and efficient management.
Comprehensive endpoint protection solution providing advanced threat detection, proactive defense, and efficient management.
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.
Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.
PolySwarm is a malware intelligence marketplace that aggregates threat detection engines to provide early detection, unique samples, and higher accuracy.
PolySwarm is a malware intelligence marketplace that aggregates threat detection engines to provide early detection, unique samples, and higher accuracy.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.
Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.
Suricata offers real-time intrusion detection, intrusion prevention, and network monitoring.
Suricata offers real-time intrusion detection, intrusion prevention, and network monitoring.
A printer honeypot PoC that simulates a printer on a network to detect and analyze potential attackers.
A printer honeypot PoC that simulates a printer on a network to detect and analyze potential attackers.
Repository of plugins for the Honeycomb honeypot framework
Amazon GuardDuty is a threat detection service for AWS accounts.
Amazon GuardDuty is a threat detection service for AWS accounts.
High-performance remote packet capture and collection tool used for forensic analysis in cloud workloads.
High-performance remote packet capture and collection tool used for forensic analysis in cloud workloads.
IT Security Guru provides up-to-date news and expert insights on a wide range of cybersecurity topics.
IT Security Guru provides up-to-date news and expert insights on a wide range of cybersecurity topics.
