Threat Detection

Anvilogic is a SIEM platform that streamlines detection engineering, offers cost-effective data management, and enhances threat detection capabilities.

AI-powered SASE platform for securing hybrid workforce and branch networks

Secures GenAI app usage with visibility, data protection, and threat defense

LogRhythm NetMon is a network traffic analytics tool that provides real-time visibility, automated threat detection, and investigation capabilities for organizational networks.

LogRhythm SIEM is a comprehensive security information and event management platform that collects, analyzes, and responds to security events across an organization's IT infrastructure.

Exabeam Security Operations Platform is a cloud-native security platform that applies AI and automation to security operations workflows for threat detection, investigation, and response.

Akamai Hunt is a managed threat hunting service that detects and remediates evasive security risks in network environments using data analysis, AI, and expert investigation.

Akamai Guardicore Segmentation is a microsegmentation tool that provides network visibility, policy creation, and enforcement to prevent lateral movement and protect critical assets in diverse IT environments.

AI security solution protecting models, agents, data, and prompts

Vectra AI offers an AI-driven Attack Signal Intelligence platform that uses advanced machine learning to detect and respond to cyber threats across hybrid cloud environments.

AI-powered security operations platform for automated threat analysis and response

Darktrace is a cyber security solution that uses AI to detect and prevent cyber attacks in real-time.

A tool for collecting and analyzing screenshots from remote desktop protocols, web applications, and VNC connections.

A collection of YARA rules for Windows, Linux, and Other threats.

Varna is an AWS serverless security tool that monitors CloudTrail logs using Event Query Language to detect and alert on suspicious activities in cloud environments.

An open-source OSINT honeypot that monitors threat actor reconnaissance attempts and generates early-warning intelligence for blue teams during the pre-attack phase.

ConventionEngine is a Yara rule collection that analyzes PE files by examining PDB paths for suspicious keywords, terms, and anomalies that may indicate malicious software.

An AWS incident response framework that uses Athena to analyze CloudTrail events and EventBridge for notifications to investigate API activity and detect security misconfigurations.

A defense-in-depth security automation framework for AWS that combines threat intelligence, machine learning, and serverless technologies to prevent, detect, and respond to threats through automated security telemetry collection and analysis.

A free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing, utilizing Message Query Language (MQL) for behavior description.

A repository of officially managed detection rules for the Falco runtime security monitoring system that identifies threats, abnormal behaviors, and compliance violations through syscall and container event analysis.

YaraHunter scans container images, running Docker containers, and filesystems using YARA rules to detect malware indicators and signs of compromise.

A repository of YARA rules for identifying and classifying malware through pattern-based detection.

Apache Spot is an open source big data platform that analyzes network flows and packet data to identify security threats and provide visibility into enterprise computing environments.