threat-detection

43 tools and resources


Vectra AI offers an AI-driven Attack Signal Intelligence platform that uses advanced machine learning to detect and respond to cyber threats across hybrid cloud environments.

Darktrace is a cyber security solution that uses AI to detect and prevent cyber attacks in real-time.

scrying

A tool for collecting and analyzing screenshots from remote desktop protocols, web applications, and VNC connections.

A collection of YARA rules for Windows, Linux, and other threats.

An open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for blue teamers.

A free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing, utilizing Message Query Language (MQL) for behavior description.

Repository of YARA rules for identifying and classifying malware.

Cloud-based virus scan APIs for securing files, URLs, and content uploads with advanced anti-virus and malware scanning capabilities.

MetaDefender Cloud offers advanced threat prevention using technologies like Multiscanning, Deep CDR, and Sandbox.

BZAR

A set of Bro/Zeek scripts that detect ATT&CK-based adversarial activity and raise notices.

A runtime threat management and attack path enumeration tool for cloud-native environments.

A tool for identifying and analyzing Java serialized objects in network traffic.

HoneyDB

HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.

A collection of YARA rules for public use, built from intelligence profiles and file work.

YARA rules for ProcFilter to detect malware and threats.

Comprehensive cybersecurity platform for hybrid and multi-cloud environments.

Free tools for the CrowdStrike customer community to support their use of the Falcon platform.

A honeypot system designed to detect and analyze potential security threats.

A powerful tool for analyzing and visualizing system activity timelines.

A crawler-based low-interaction client honeypot for exposing website threats.

Repository of automatically generated YARA rules from Malpedia's YARA-Signator with detailed statistics.

A honeypot agent for running honeypots with service and data at threatwar.com.

A curated collection of Sigma and YARA rules and Indicators of Compromise (IOCs) for threat detection and malware identification.

Strelka

Real-time, container-based file scanning system for threat hunting and incident response.

KFSensor is an advanced Windows honeypot system for detecting hackers and worms by simulating vulnerable system services.

Sigma

Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.

CINSscore.com provides a threat intelligence database with accurate IP scores and collective defense, built from community-sourced data and data collected by Sentinel IPS units.

Open-source rules for detecting and preventing email attacks like BEC, malware, and credential phishing.

Comprehensive endpoint protection solution providing advanced threat detection, proactive defense, and efficient management.

A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.

Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.

PolySwarm is a malware intelligence marketplace that aggregates threat detection engines to provide early detection, unique samples, and higher accuracy.

ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.

Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.

Suricata offers real-time intrusion detection, intrusion prevention, and network monitoring.

A printer honeypot PoC that simulates a printer on a network to detect and analyze potential attackers.

Repository of plugins for the Honeycomb honeypot framework.

Amazon GuardDuty is a threat detection service for AWS accounts.

High-performance remote packet capture and collection tool used for forensic analysis in cloud workloads.

IT Security Guru provides up-to-date news and expert insights on a wide range of cybersecurity topics.