Threat Detection
Explore 60 curated tools and resources
PINNED

InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.

LATEST ADDITIONS
An AI-powered email security platform that provides multi-layered protection against phishing, malware, and other email-based threats through various deployment options.
A security operations platform that provides automated threat detection, access control, and protection against various online attacks through Cloudflare integration.
A cloud-native application protection platform that provides comprehensive security monitoring, vulnerability management, and threat detection for cloud environments and container workloads.
An enterprise API security platform that combines API discovery, protection, testing, and monitoring capabilities with contextual analysis for comprehensive API ecosystem security.
A mapping tool that correlates MITRE ATT&CK techniques with atomic tests and detection rules to analyze security detection coverage.
A threat intelligence platform that monitors, analyzes, and provides detailed information about threat actors targeting non-human identities across various industries.
A security platform that automates the deployment and management of security canaries across cloud infrastructure to detect potential intrusions and unauthorized access.
A threat intelligence and vulnerability monitoring platform that aggregates security alerts from trusted sources and provides customizable monitoring and notification capabilities.
A newsletter service that tracks and reports weekly changes in detection engineering rules and updates across multiple GitHub repositories.
Application monitoring and security platform that provides runtime visibility, threat detection, and automated response capabilities for application-layer security.
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Anvilogic is a SIEM platform that streamlines detection engineering, offers cost-effective data management, and enhances threat detection capabilities.
LogRhythm NetMon is a network traffic analytics tool that provides real-time visibility, automated threat detection, and investigation capabilities for organizational networks.
LogRhythm SIEM is a comprehensive security information and event management platform that collects, analyzes, and responds to security events across an organization's IT infrastructure.
Exabeam Security Operations Platform is a cloud-native security platform that applies AI and automation to security operations workflows for threat detection, investigation, and response.
Akamai Hunt is a managed threat hunting service that detects and remediates evasive security risks in network environments using data analysis, AI, and expert investigation.
Akamai Guardicore Segmentation is a microsegmentation tool that provides network visibility, policy creation, and enforcement to prevent lateral movement and protect critical assets in diverse IT environments.
Vectra AI offers an AI-driven Attack Signal Intelligence platform that uses advanced machine learning to detect and respond to cyber threats across hybrid cloud environments.
Darktrace is a cyber security solution that uses AI to detect and prevent cyber attacks in real-time.
A tool for collecting and analyzing screenshots from remote desktop protocols, web applications, and VNC connections.
A collection of YARA rules for Windows, Linux, and other threats.
An open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for blue teamers.
A free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing, utilizing Message Query Language (MQL) for behavior description.
Repository of YARA rules for identifying and classifying malware.
Cloud-based virus scan APIs for securing files, URLs, and content uploads with advanced anti-virus and malware scanning capabilities.
MetaDefender Cloud offers advanced threat prevention using technologies like Multiscanning, Deep CDR, and Sandbox.
A set of Bro/Zeek scripts that detect ATT&CK-based adversarial activity and raise notices.
A runtime threat management and attack path enumeration tool for cloud-native environments.
A tool for identifying and analyzing Java serialized objects in network traffic.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
A collection of YARA rules for public use, built from intelligence profiles and file work.
YARA rules for ProcFilter to detect malware and threats.
Comprehensive cybersecurity platform for hybrid and multi-cloud environments.
Free tools for the CrowdStrike customer community to support their use of the Falcon platform.
A honeypot system designed to detect and analyze potential security threats.
A powerful tool for analyzing and visualizing system activity timelines.
A crawler-based low-interaction client honeypot for exposing website threats.
Repository of automatically generated YARA rules from Malpedia's YARA-Signator with detailed statistics.
A honeypot agent for running honeypots with service and data at threatwar.com.
A curated collection of Sigma & Yara rules and Indicators of Compromise (IOCs) for threat detection and malware identification.
Real-time, container-based file scanning system for threat hunting and incident response.
Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.
CINSscore.com provides a threat intelligence database with accurate IP scores and collective defense through community-sourced and Sentinel IPS unit-sourced data.
IBM QRadar is a SIEM solution for real-time threat detection.
Open-source rules for detecting and preventing email attacks like BEC, malware, and credential phishing.
Collects and organizes Linux OS data for detailed analysis and incident response.
Official repository of YARA rules for threat detection and hunting.
Comprehensive endpoint protection solution providing advanced threat detection, proactive defense, and efficient management.
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.
PolySwarm is a malware intelligence marketplace that aggregates threat detection engines to provide early detection, unique samples, and higher accuracy.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.
Suricata offers real-time intrusion detection, intrusion prevention, and network monitoring.
A printer honeypot PoC that simulates a printer on a network to detect and analyze potential attackers.
Repository of plugins for the Honeycomb honeypot framework.
Amazon GuardDuty is a threat detection service for AWS accounts.
High-performance remote packet capture and collection tool used for forensic analysis in cloud workloads.
IT Security Guru provides up-to-date news and expert insights on a wide range of cybersecurity topics.