Threat Intelligence
Explore 227 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 4 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Vulnerability Management
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
Mimecast Engage is a human risk management platform that combines AI-powered email security with security awareness training to protect against threats and reduce risks from user behavior.
Mimecast Engage is a human risk management platform that combines AI-powered email security with security awareness training to protect against threats and reduce risks from user behavior.
SimSpace Platform is a cyber range solution that provides realistic environments for cybersecurity training, testing, and optimization of security capabilities.
SimSpace Platform is a cyber range solution that provides realistic environments for cybersecurity training, testing, and optimization of security capabilities.
A digital risk protection platform that monitors clear, deep, and dark web environments to identify and remediate external threats targeting organizations.
A digital risk protection platform that monitors clear, deep, and dark web environments to identify and remediate external threats targeting organizations.
A comprehensive threat intelligence platform that monitors cybercrime underground activities and provides actionable intelligence to help organizations detect and prevent cyber threats.
A comprehensive threat intelligence platform that monitors cybercrime underground activities and provides actionable intelligence to help organizations detect and prevent cyber threats.
Ossprey is a software supply chain security platform that uses AI-powered scanning to detect malicious open source code and prevent supply chain attacks through automated policy enforcement and dependency analysis.
Ossprey is a software supply chain security platform that uses AI-powered scanning to detect malicious open source code and prevent supply chain attacks through automated policy enforcement and dependency analysis.
SpyCloud Enterprise Protection is an identity threat protection platform that monitors dark web sources for compromised credentials and exposed identity data to prevent account takeover and fraud.
SpyCloud Enterprise Protection is an identity threat protection platform that monitors dark web sources for compromised credentials and exposed identity data to prevent account takeover and fraud.
ZeroFox Platform is a unified external cybersecurity solution that helps organizations identify, monitor, and remediate threats across social media, surface web, deep web, and dark web environments.
ZeroFox Platform is a unified external cybersecurity solution that helps organizations identify, monitor, and remediate threats across social media, surface web, deep web, and dark web environments.
Infoblox Threat Defense is a DNS-layer security solution that detects and blocks threats across hybrid and multi-cloud environments by monitoring DNS traffic and leveraging threat intelligence.
Infoblox Threat Defense is a DNS-layer security solution that detects and blocks threats across hybrid and multi-cloud environments by monitoring DNS traffic and leveraging threat intelligence.
A web isolation platform that enables secure, anonymous digital investigations across the surface, deep, and dark web while protecting users from malware and preventing identity exposure.
A web isolation platform that enables secure, anonymous digital investigations across the surface, deep, and dark web while protecting users from malware and preventing identity exposure.
A cyber threat intelligence platform that provides actionable insights from adversarial sources to help organizations proactively detect and mitigate emerging threats.
A cyber threat intelligence platform that provides actionable insights from adversarial sources to help organizations proactively detect and mitigate emerging threats.
A comprehensive external cybersecurity platform that combines AI and human expertise to detect, analyze, and remediate threats outside the traditional security perimeter including brand impersonation, data leakage, and digital asset exposure.
A comprehensive external cybersecurity platform that combines AI and human expertise to detect, analyze, and remediate threats outside the traditional security perimeter including brand impersonation, data leakage, and digital asset exposure.
Red Hand Analyzer is an online tool that provides automated behavioral analysis of PCAP files to detect malicious network activities and security vulnerabilities without decrypting traffic content.
Red Hand Analyzer is an online tool that provides automated behavioral analysis of PCAP files to detect malicious network activities and security vulnerabilities without decrypting traffic content.
Silobreaker is an intelligence platform that processes unstructured data from open and dark web sources to support cyber threat intelligence, vulnerability management, and risk assessment workflows.
Silobreaker is an intelligence platform that processes unstructured data from open and dark web sources to support cyber threat intelligence, vulnerability management, and risk assessment workflows.
Silent Push Platform provides preemptive cyber defense by identifying malicious infrastructure before attacks are launched using Indicators of Future Attack (IOFA)™ technology.
Silent Push Platform provides preemptive cyber defense by identifying malicious infrastructure before attacks are launched using Indicators of Future Attack (IOFA)™ technology.
A digital risk monitoring platform that provides automated security posture assessment, threat intelligence, and continuous monitoring of enterprise digital assets across multiple risk vectors.
A digital risk monitoring platform that provides automated security posture assessment, threat intelligence, and continuous monitoring of enterprise digital assets across multiple risk vectors.
HYAS Insight is a threat intelligence platform that provides infrastructure intelligence and cyber threat hunting capabilities for security operations, fraud investigations, and adversary profiling.
HYAS Insight is a threat intelligence platform that provides infrastructure intelligence and cyber threat hunting capabilities for security operations, fraud investigations, and adversary profiling.
A cloud-based email security platform that provides comprehensive protection against email threats through multiple security layers, threat intelligence integration, and seamless integration with existing email infrastructures.
A cloud-based email security platform that provides comprehensive protection against email threats through multiple security layers, threat intelligence integration, and seamless integration with existing email infrastructures.
Darkscope is an AI-powered threat intelligence platform that uses virtual personas to monitor the dark web, social media, and deep web for cyber threats and security risks targeting organizations.
Darkscope is an AI-powered threat intelligence platform that uses virtual personas to monitor the dark web, social media, and deep web for cyber threats and security risks targeting organizations.
GroupSense Digital Risk Protection Services provides curated threat intelligence and attack surface monitoring through their Tracelight platform to help organizations prioritize and mitigate cyber threats.
GroupSense Digital Risk Protection Services provides curated threat intelligence and attack surface monitoring through their Tracelight platform to help organizations prioritize and mitigate cyber threats.
Zero Day Live is a threat intelligence platform that provides early detection of malware and zero-day vulnerabilities through a proprietary sensor network processing over 1 billion data points.
Zero Day Live is a threat intelligence platform that provides early detection of malware and zero-day vulnerabilities through a proprietary sensor network processing over 1 billion data points.
FortiRecon is a SaaS-based Continuous Threat Exposure Management service that combines Attack Surface Management, Brand Protection, and Adversary Centric Intelligence to provide visibility into internal and external risks for early threat detection and response.
FortiRecon is a SaaS-based Continuous Threat Exposure Management service that combines Attack Surface Management, Brand Protection, and Adversary Centric Intelligence to provide visibility into internal and external risks for early threat detection and response.
An open-source incident response case management tool that provides visualization, threat intelligence lookups, and security framework mapping in a unified workspace.
An open-source incident response case management tool that provides visualization, threat intelligence lookups, and security framework mapping in a unified workspace.
An investigative analytics platform that uses machine learning to fuse and analyze data from multiple sources, enabling security organizations to extract insights and identify patterns for threat prevention and complex investigations.
An investigative analytics platform that uses machine learning to fuse and analyze data from multiple sources, enabling security organizations to extract insights and identify patterns for threat prevention and complex investigations.
A managed security service provider specializing in identity security solutions including IAM, IGA, and PAM with implementation, operational, and advisory services.
A managed security service provider specializing in identity security solutions including IAM, IGA, and PAM with implementation, operational, and advisory services.
A network detection and response platform that combines AI-driven behavioral analytics with collaborative threat intelligence sharing across organizations to provide early warning of cyber attacks.
A network detection and response platform that combines AI-driven behavioral analytics with collaborative threat intelligence sharing across organizations to provide early warning of cyber attacks.
A phishing detection and response platform that combines human intelligence from millions of trained employees with AI/ML to identify and remediate email threats that bypass traditional security gateways.
A phishing detection and response platform that combines human intelligence from millions of trained employees with AI/ML to identify and remediate email threats that bypass traditional security gateways.
A security analytics platform that integrates with Google Chronicle to deliver Autonomic Security Operations through data engineering, detection engineering, and response engineering.
A security analytics platform that integrates with Google Chronicle to deliver Autonomic Security Operations through data engineering, detection engineering, and response engineering.
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
InSights by InQuest is a threat intelligence platform that delivers curated feeds of IOCs and C2 information to help security teams detect and respond to emerging threats.
InSights by InQuest is a threat intelligence platform that delivers curated feeds of IOCs and C2 information to help security teams detect and respond to emerging threats.
A digital risk protection platform that combines threat intelligence, dark web monitoring, attack surface management, brand protection, and supply chain intelligence to detect and respond to external cyber threats.
A digital risk protection platform that combines threat intelligence, dark web monitoring, attack surface management, brand protection, and supply chain intelligence to detect and respond to external cyber threats.
A threat exposure management platform that monitors clear and dark web environments to detect and provide actionable intelligence on potential security threats like data leaks, credentials, and malicious actor activities.
A threat exposure management platform that monitors clear and dark web environments to detect and provide actionable intelligence on potential security threats like data leaks, credentials, and malicious actor activities.
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.
A free online service that scans the dark web for exposed credentials and sensitive data associated with specific domains or email addresses.
A free online service that scans the dark web for exposed credentials and sensitive data associated with specific domains or email addresses.
Todyl is a modular cybersecurity platform that consolidates SASE, SIEM, EDR/NGAV, MXDR, and GRC capabilities into a single-agent solution with centralized management.
Todyl is a modular cybersecurity platform that consolidates SASE, SIEM, EDR/NGAV, MXDR, and GRC capabilities into a single-agent solution with centralized management.
A threat intelligence platform that collects, analyzes, and operationalizes threat data from multiple sources to help organizations identify and respond to security threats.
A threat intelligence platform that collects, analyzes, and operationalizes threat data from multiple sources to help organizations identify and respond to security threats.
An email security platform that combines human intelligence from millions of trained employees with AI/ML to detect, report, analyze, and remediate phishing attacks that bypass traditional security gateways.
An email security platform that combines human intelligence from millions of trained employees with AI/ML to detect, report, analyze, and remediate phishing attacks that bypass traditional security gateways.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
A threat intelligence service providing actionable IoCs and security data feeds to help organizations detect, block, and respond to cyber threats.
A threat intelligence service providing actionable IoCs and security data feeds to help organizations detect, block, and respond to cyber threats.
A software supply chain security platform that analyzes binaries and software components to detect malware, vulnerabilities, exposed secrets, and tampering throughout the development lifecycle.
A software supply chain security platform that analyzes binaries and software components to detect malware, vulnerabilities, exposed secrets, and tampering throughout the development lifecycle.
ASPIA InfoTech offers a unified platform for enterprise security workflow automation with solutions spanning application security, vulnerability management, GRC, and security incident management.
ASPIA InfoTech offers a unified platform for enterprise security workflow automation with solutions spanning application security, vulnerability management, GRC, and security incident management.
A unified extended detection and response (XDR) platform that provides comprehensive visibility and protection across hybrid IT environments through integrated prevention, detection, and response capabilities.
A unified extended detection and response (XDR) platform that provides comprehensive visibility and protection across hybrid IT environments through integrated prevention, detection, and response capabilities.
Outpost24 Managed Security Services offers proactive security monitoring and management across networks, endpoints, applications, and clouds through a comprehensive CTEM platform with expert-led validation and unified risk visibility.
Outpost24 Managed Security Services offers proactive security monitoring and management across networks, endpoints, applications, and clouds through a comprehensive CTEM platform with expert-led validation and unified risk visibility.
A cloud-based security platform providing WAAP, ZTNA, public cloud security management, and threat intelligence sharing capabilities.
A cloud-based security platform providing WAAP, ZTNA, public cloud security management, and threat intelligence sharing capabilities.
A threat intelligence platform that provides comprehensive visibility into an organization's attack surface by collecting, analyzing, and structuring threat data to enable proactive security measures against emerging threats.
A threat intelligence platform that provides comprehensive visibility into an organization's attack surface by collecting, analyzing, and structuring threat data to enable proactive security measures against emerging threats.
An enterprise vulnerability and exposure risk management platform that consolidates, prioritizes, and orchestrates remediation of security vulnerabilities across infrastructure, applications, and cloud environments.
An enterprise vulnerability and exposure risk management platform that consolidates, prioritizes, and orchestrates remediation of security vulnerabilities across infrastructure, applications, and cloud environments.
StrikeOne is a vulnerability management platform with AI capabilities that helps organizations identify, prioritize, and remediate security vulnerabilities through attack surface management, vulnerability management, and cybersecurity posture assessment.
StrikeOne is a vulnerability management platform with AI capabilities that helps organizations identify, prioritize, and remediate security vulnerabilities through attack surface management, vulnerability management, and cybersecurity posture assessment.
DeTCT is a digital risk discovery and protection platform that monitors attack surfaces, vulnerabilities, data leaks, brand impersonation, and third-party risks to help organizations manage their cyber risk posture.
DeTCT is a digital risk discovery and protection platform that monitors attack surfaces, vulnerabilities, data leaks, brand impersonation, and third-party risks to help organizations manage their cyber risk posture.
A dark web monitoring platform that scans dark and deep web sources to detect exposed organizational data, compromised credentials, domain spoofing, and supply chain threats.
A dark web monitoring platform that scans dark and deep web sources to detect exposed organizational data, compromised credentials, domain spoofing, and supply chain threats.
A data-driven OT risk management platform that uses digital twin technology and breach simulations to assess cybersecurity risks, optimize mitigation strategies, and ensure compliance with industry standards.
A data-driven OT risk management platform that uses digital twin technology and breach simulations to assess cybersecurity risks, optimize mitigation strategies, and ensure compliance with industry standards.
A vulnerability and exposure management platform that unifies security tool data, automates workflows, and provides risk-based prioritization for enterprise vulnerability management programs.
A vulnerability and exposure management platform that unifies security tool data, automates workflows, and provides risk-based prioritization for enterprise vulnerability management programs.
A cyber risk management platform that financially quantifies cyber risks and provides actionable mitigation strategies while integrating with insurance coverage.
A cyber risk management platform that financially quantifies cyber risks and provides actionable mitigation strategies while integrating with insurance coverage.
A threat intelligence platform that monitors, analyzes, and provides detailed information about threat actors targeting non-human identities across various industries.
A threat intelligence platform that monitors, analyzes, and provides detailed information about threat actors targeting non-human identities across various industries.
A threat intelligence and vulnerability monitoring platform that aggregates security alerts from trusted sources and provides customizable monitoring and notification capabilities.
A threat intelligence and vulnerability monitoring platform that aggregates security alerts from trusted sources and provides customizable monitoring and notification capabilities.
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
An IP address intelligence API that provides geolocation data and threat detection capabilities for IPv4 and IPv6 addresses.
An IP address intelligence API that provides geolocation data and threat detection capabilities for IPv4 and IPv6 addresses.
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
AIL Framework is a modular system for analyzing and detecting information leaks from unstructured data sources, with capabilities for data extraction, correlation, and integration with threat intelligence platforms.
AIL Framework is a modular system for analyzing and detecting information leaks from unstructured data sources, with capabilities for data extraction, correlation, and integration with threat intelligence platforms.
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
The Ransomware Tool Matrix is a repository that lists and categorizes tools used by ransomware gangs, aiding in threat hunting, incident response, and adversary emulation.
The Ransomware Tool Matrix is a repository that lists and categorizes tools used by ransomware gangs, aiding in threat hunting, incident response, and adversary emulation.
TheHive is a case management platform for security operations teams that facilitates incident response, threat analysis, and team collaboration.
TheHive is a case management platform for security operations teams that facilitates incident response, threat analysis, and team collaboration.
The Upstream Security Platform is a cloud-based solution for monitoring and securing connected vehicles and mobility IoT devices, offering features such as cybersecurity detection, API protection, and fraud detection.
The Upstream Security Platform is a cloud-based solution for monitoring and securing connected vehicles and mobility IoT devices, offering features such as cybersecurity detection, API protection, and fraud detection.
A collaborative repository documenting TTPs and attack patterns associated with malicious OIDC/OAuth 2.0 applications.
A collaborative repository documenting TTPs and attack patterns associated with malicious OIDC/OAuth 2.0 applications.
A comprehensive repository of red teaming resources including cheatsheets, detailed notes, automation scripts, and practice platforms covering multiple cybersecurity domains.
A comprehensive repository of red teaming resources including cheatsheets, detailed notes, automation scripts, and practice platforms covering multiple cybersecurity domains.
Akamai Hunt is a managed threat hunting service that detects and remediates evasive security risks in network environments using data analysis, AI, and expert investigation.
Akamai Hunt is a managed threat hunting service that detects and remediates evasive security risks in network environments using data analysis, AI, and expert investigation.
Infinity Platform / Infinity AI is an AI-powered threat intelligence and generative AI service that combines AI-powered threat intelligence with generative AI capabilities for comprehensive threat prevention, automated threat response, and efficient security administration.
Infinity Platform / Infinity AI is an AI-powered threat intelligence and generative AI service that combines AI-powered threat intelligence with generative AI capabilities for comprehensive threat prevention, automated threat response, and efficient security administration.
Provides advanced external threat intelligence to help organizations proactively identify and mitigate potential security threats.
Provides advanced external threat intelligence to help organizations proactively identify and mitigate potential security threats.
A tool for identifying potential security threats by fetching known URLs and filtering out URLs with open redirection or SSRF parameters.
A tool for identifying potential security threats by fetching known URLs and filtering out URLs with open redirection or SSRF parameters.
VirusTotal API v3 is a threat intelligence platform for scanning files, URLs, and IP addresses, and retrieving reports on threat reputation and context.
VirusTotal API v3 is a threat intelligence platform for scanning files, URLs, and IP addresses, and retrieving reports on threat reputation and context.
Microsoft Defender for Endpoint is a comprehensive endpoint security solution that provides industry-leading, multi-platform detection and response capabilities.
Microsoft Defender for Endpoint is a comprehensive endpoint security solution that provides industry-leading, multi-platform detection and response capabilities.
A cybersecurity blog from Microsoft, featuring articles and guides on various security topics, including AI, threat intelligence, cloud security, and incident response.
A cybersecurity blog from Microsoft, featuring articles and guides on various security topics, including AI, threat intelligence, cloud security, and incident response.
An open-source OSINT honeypot that monitors threat actor reconnaissance attempts and generates early-warning intelligence for blue teams during the pre-attack phase.
A platform for accessing threat intelligence and collaborating on cyber threats.
A platform for accessing threat intelligence and collaborating on cyber threats.
HoneyFS is an LLM-powered honeypot tool that generates realistic fake file systems using GPT-3.5 to deceive attackers and enhance security analysis.
A defense-in-depth security automation framework for AWS that combines threat intelligence, machine learning, and serverless technologies to prevent, detect, and respond to threats through automated security telemetry collection and analysis.
A defense-in-depth security automation framework for AWS that combines threat intelligence, machine learning, and serverless technologies to prevent, detect, and respond to threats through automated security telemetry collection and analysis.
A project sharing malicious URLs used for malware distribution to help protect networks.
A project sharing malicious URLs used for malware distribution to help protect networks.
A threat intelligence domain/IP/hash threat feeds checker that checks IPVoid, URLVoid, Virustotal, and Cymon.
A threat intelligence domain/IP/hash threat feeds checker that checks IPVoid, URLVoid, Virustotal, and Cymon.
Malware Patrol offers a range of threat intelligence solutions, including enterprise data feeds, DNS firewall, phishing threat intelligence, and small business protection.
Malware Patrol offers a range of threat intelligence solutions, including enterprise data feeds, DNS firewall, phishing threat intelligence, and small business protection.
A repository of freely usable Yara rules for detection systems, with automated error detection workflows.
A repository of freely usable Yara rules for detection systems, with automated error detection workflows.
A project providing open-source YARA rules for malware and malicious file detection
A project providing open-source YARA rules for malware and malicious file detection
A Python library that provides an interface to query ThreatCrowd's API for threat intelligence data including email, IP, domain, and antivirus reports with built-in caching capabilities.
A Python library that provides an interface to query ThreatCrowd's API for threat intelligence data including email, IP, domain, and antivirus reports with built-in caching capabilities.
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
Comprehensive suite for advanced file analysis and software supply chain security.
Comprehensive suite for advanced file analysis and software supply chain security.
Cloud Sniper is a centralized cloud security operations platform that provides incident response, threat correlation, and automated security actions for cloud infrastructure protection.
Cloud Sniper is a centralized cloud security operations platform that provides incident response, threat correlation, and automated security actions for cloud infrastructure protection.
A knowledge base of analytics developed by MITRE based on the MITRE ATT&CK adversary model.
A knowledge base of analytics developed by MITRE based on the MITRE ATT&CK adversary model.
MetaDefender Cloud offers advanced threat prevention using technologies like Multiscanning, Deep CDR, and Sandbox.
MetaDefender Cloud offers advanced threat prevention using technologies like Multiscanning, Deep CDR, and Sandbox.
A list of most queried domains based on passive DNS usage across the Umbrella global network.
A list of most queried domains based on passive DNS usage across the Umbrella global network.
Facilitating exchange of information and knowledge to collectively protect against cyberattacks.
Facilitating exchange of information and knowledge to collectively protect against cyberattacks.
A comprehensive guide to digital forensics and incident response, covering incident response frameworks, digital forensic techniques, and threat intelligence.
A comprehensive guide to digital forensics and incident response, covering incident response frameworks, digital forensic techniques, and threat intelligence.
CRITs is an open source malware and threat repository for collaborative threat defense and analysis.
CRITs is an open source malware and threat repository for collaborative threat defense and analysis.
A new approach to computer network defense that leverages knowledge about advanced persistent threats, using a kill chain model to describe phases of intrusions and map adversary kill chain indicators to defender courses of action.
A new approach to computer network defense that leverages knowledge about advanced persistent threats, using a kill chain model to describe phases of intrusions and map adversary kill chain indicators to defender courses of action.
A comprehensive Threat Intelligence Program Management Solution for managing the entire CTI lifecycle.
A comprehensive Threat Intelligence Program Management Solution for managing the entire CTI lifecycle.
Threat intelligence and digital risk protection platform
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol, with a focus on incident handling automation and threat intelligence processing.
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol, with a focus on incident handling automation and threat intelligence processing.
PyIOCe is a Python-based OpenIOC editor that enables security professionals to create, edit, and manage Indicators of Compromise for threat intelligence and incident response operations.
PyIOCe is a Python-based OpenIOC editor that enables security professionals to create, edit, and manage Indicators of Compromise for threat intelligence and incident response operations.
Aggregates security threats from online sources and outputs to various formats.
Aggregates security threats from online sources and outputs to various formats.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.
A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.
A collection of YARA rules for public use, built from intelligence profiles and file work.
A collection of YARA rules for public use, built from intelligence profiles and file work.
GCTI's open-source detection signatures for malware and threat detection
GCTI's open-source detection signatures for malware and threat detection
A minimal library to generate YARA rules from JAVA with maven support.
A minimal library to generate YARA rules from JAVA with maven support.
A program to extract IOCs from text files using regular expressions
A program to extract IOCs from text files using regular expressions
Automate OSINT for threat intelligence and attack surface mapping with SpiderFoot.
Automate OSINT for threat intelligence and attack surface mapping with SpiderFoot.
A web-based visualization tool for navigating and annotating MITRE ATT&CK matrices to support threat analysis, defensive planning, and security coverage assessment.
A web-based visualization tool for navigating and annotating MITRE ATT&CK matrices to support threat analysis, defensive planning, and security coverage assessment.
A Python web application that provides statistical analysis and visualization for Glastopf honeypot data by connecting to the honeypot's SQLite database.
A neo4j-based data management platform with command-line interface for analyzing cyber threat indicators and other data points through graph database traversal.
A neo4j-based data management platform with command-line interface for analyzing cyber threat indicators and other data points through graph database traversal.
A free threat intelligence feed and banlist feed of known malicious IP addresses for public use only.
A free threat intelligence feed and banlist feed of known malicious IP addresses for public use only.
A framework for managing cyber threat intelligence in structured formats.
A framework for managing cyber threat intelligence in structured formats.
Troje is a honeypot that creates dynamic LXC container environments to attract and monitor attackers while recording their activities and system changes.
Troje is a honeypot that creates dynamic LXC container environments to attract and monitor attackers while recording their activities and system changes.
HTB Academy offers guided cybersecurity training with industry certifications to help you become a market-ready professional.
HTB Academy offers guided cybersecurity training with industry certifications to help you become a market-ready professional.
A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.
A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.
A data visualization and statistical analysis tool for measuring the quality and effectiveness of threat intelligence indicator feeds through various analytical tests.
A data visualization and statistical analysis tool for measuring the quality and effectiveness of threat intelligence indicator feeds through various analytical tests.
PyIntelOwl is a Python SDK and CLI client for interacting with IntelOwl's threat intelligence API to submit files and observables for automated security analysis.
PyIntelOwl is a Python SDK and CLI client for interacting with IntelOwl's threat intelligence API to submit files and observables for automated security analysis.
KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.
KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.
MISP is an open source threat intelligence platform that enhances threat information sharing and analysis.
MISP is an open source threat intelligence platform that enhances threat information sharing and analysis.
A community-driven informational repository providing resources and guidance for hunting adversaries in IT environments.
A community-driven informational repository providing resources and guidance for hunting adversaries in IT environments.
Platform providing community-driven threat intelligence on cyber threats with a focus on malware and botnets.
Platform providing community-driven threat intelligence on cyber threats with a focus on malware and botnets.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
A python3 application for querying sites hosting publicly pasted data and scanning for sensitive information.
A python3 application for querying sites hosting publicly pasted data and scanning for sensitive information.
Analyze suspicious files, domains, IPs, and URLs to detect malware and other breaches, and share results with the security community.
Analyze suspicious files, domains, IPs, and URLs to detect malware and other breaches, and share results with the security community.
Interactive online malware sandbox for real-time analysis and threat intelligence
Interactive online malware sandbox for real-time analysis and threat intelligence
n6 is a network security incident exchange system that collects, manages, and distributes threat and incident data through REST API and web interfaces for authorized users.
n6 is a network security incident exchange system that collects, manages, and distributes threat and incident data through REST API and web interfaces for authorized users.
A set of rules for detecting threats in various formats, including Snort, Yara, ClamAV, and HXIOC.
A set of rules for detecting threats in various formats, including Snort, Yara, ClamAV, and HXIOC.
npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.
npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.
A collection of public YARA signatures for various malware families.
A collection of public YARA signatures for various malware families.
Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.
Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.
OSTrICa is an open source plugin-based framework that collects and visualizes threat intelligence data from various sources to help cybersecurity professionals correlate IoCs and enhance their defensive capabilities.
OSTrICa is an open source plugin-based framework that collects and visualizes threat intelligence data from various sources to help cybersecurity professionals correlate IoCs and enhance their defensive capabilities.
nyx is a threat intelligence artifact distribution system that facilitates the sharing of threat intelligence indicators from various sources to defensive security systems with configurable criticality levels.
nyx is a threat intelligence artifact distribution system that facilitates the sharing of threat intelligence indicators from various sources to defensive security systems with configurable criticality levels.
VX-Underground is a vast online repository of malware samples, featuring various collections for cybersecurity professionals and researchers to analyze and combat cyber threats.
VX-Underground is a vast online repository of malware samples, featuring various collections for cybersecurity professionals and researchers to analyze and combat cyber threats.
Knowledge base workflow management dashboard for YARA rules and C2 artifacts.
Knowledge base workflow management dashboard for YARA rules and C2 artifacts.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
Repository of scripts, signatures, and IOCs related to various malware analysis topics.
Repository of scripts, signatures, and IOCs related to various malware analysis topics.
Forager is a threat intelligence tool that simplifies the retrieval, storage, and maintenance of threat data with a user-friendly interface and support for various data sources.
Forager is a threat intelligence tool that simplifies the retrieval, storage, and maintenance of threat data with a user-friendly interface and support for various data sources.
A Security Orchestration, Automation and Response (SOAR) platform for incident response and threat hunting.
A Security Orchestration, Automation and Response (SOAR) platform for incident response and threat hunting.
Repository containing IoCs related to Volexity's threat intelligence blog posts and tools.
Repository containing IoCs related to Volexity's threat intelligence blog posts and tools.
Maltrail is a malicious traffic detection system utilizing blacklists and heuristic mechanisms.
Maltrail is a malicious traffic detection system utilizing blacklists and heuristic mechanisms.
Dataplane.org is a nonprofit organization providing free data, tools, and analysis to increase awareness of Internet trends, anomalies, threats, and misconfigurations.
Dataplane.org is a nonprofit organization providing free data, tools, and analysis to increase awareness of Internet trends, anomalies, threats, and misconfigurations.
CyberOwl aggregates and summarizes daily security advisories from multiple CERT organizations and threat intelligence sources into consolidated reports.
CyberOwl aggregates and summarizes daily security advisories from multiple CERT organizations and threat intelligence sources into consolidated reports.
Maldatabase is a threat intelligence platform providing malware datasets and threat intelligence feeds for malware data science and threat intelligence.
Maldatabase is a threat intelligence platform providing malware datasets and threat intelligence feeds for malware data science and threat intelligence.
A method for profiling SSL/TLS Clients with easy-to-produce client fingerprints.
A method for profiling SSL/TLS Clients with easy-to-produce client fingerprints.
An Active Defense framework for detecting and responding to phishing attacks in Office 365 Message Trace logs.
An Active Defense framework for detecting and responding to phishing attacks in Office 365 Message Trace logs.
Repository of automatically generated YARA rules from Malpedia's YARA-Signator with detailed statistics.
Repository of automatically generated YARA rules from Malpedia's YARA-Signator with detailed statistics.
A comprehensive list of IP addresses for cybersecurity purposes, including threat intelligence, incident response, and security research.
A comprehensive list of IP addresses for cybersecurity purposes, including threat intelligence, incident response, and security research.
A community-driven open source project providing interactive notebooks with detection logic, adversary tradecraft, and resources organized according to MITRE ATT&CK framework for threat hunting and detection development.
A community-driven open source project providing interactive notebooks with detection logic, adversary tradecraft, and resources organized according to MITRE ATT&CK framework for threat hunting and detection development.
CAPEC™ is a comprehensive dictionary of known attack patterns used by adversaries to exploit weaknesses in cyber-enabled capabilities.
CAPEC™ is a comprehensive dictionary of known attack patterns used by adversaries to exploit weaknesses in cyber-enabled capabilities.
Unified defense platform providing endpoint protection, extended detection and response, threat hunting, and digital forensics and incident response.
Unified defense platform providing endpoint protection, extended detection and response, threat hunting, and digital forensics and incident response.
Collection of YARA signatures from recent malware research.
Collection of YARA signatures from recent malware research.
YETI is a proof-of-concept TAXII implementation that supports Inbox, Poll, and Discovery services for automated cyber threat intelligence indicator exchange.
YETI is a proof-of-concept TAXII implementation that supports Inbox, Poll, and Discovery services for automated cyber threat intelligence indicator exchange.
YARA signature and IOC database for LOKI and THOR Lite scanners with high quality rules and IOCs.
YARA signature and IOC database for LOKI and THOR Lite scanners with high quality rules and IOCs.
A curated collection of companies that have publicly disclosed adversary tactics, techniques, and procedures following security breaches.
A curated collection of companies that have publicly disclosed adversary tactics, techniques, and procedures following security breaches.
Utilize Jupyter Notebooks to enhance threat hunting capabilities by focusing on different threat categories or stages.
Utilize Jupyter Notebooks to enhance threat hunting capabilities by focusing on different threat categories or stages.
Naked Security by Sophos offers expert insights and practical advice on cybersecurity threats and protection strategies.
Naked Security by Sophos offers expert insights and practical advice on cybersecurity threats and protection strategies.
In-depth threat intelligence reports and services providing insights into real-world intrusions, malware analysis, and threat briefs.
In-depth threat intelligence reports and services providing insights into real-world intrusions, malware analysis, and threat briefs.
A tool for fetching and visualizing cyber threat intelligence data with Elasticsearch and Kibana integration.
A tool for fetching and visualizing cyber threat intelligence data with Elasticsearch and Kibana integration.
Bindings for the Yara library from VirusTotal with support for Yara v4.2 and various features like rule compilation and scanning.
Bindings for the Yara library from VirusTotal with support for Yara v4.2 and various features like rule compilation and scanning.
A centralized tool for security monitoring and analysis that integrates various open source big data technologies.
A centralized tool for security monitoring and analysis that integrates various open source big data technologies.
ThreatNote is a threat intelligence platform that provides real-time updates on emerging cybersecurity threats, vulnerabilities, and attack vectors to help organizations enhance their security posture.
ThreatNote is a threat intelligence platform that provides real-time updates on emerging cybersecurity threats, vulnerabilities, and attack vectors to help organizations enhance their security posture.
CyBot is a free and open source threat intelligence chat bot with a community-driven plugin framework.
CyBot is a free and open source threat intelligence chat bot with a community-driven plugin framework.
RiskAnalytics Solutions offers community projects for cyber threat intelligence sharing and collaboration.
RiskAnalytics Solutions offers community projects for cyber threat intelligence sharing and collaboration.
CINSscore.com provides Threat Intelligence database with accurate IP scores and collective defense through community and Sentinel IPS unit sourced data.
CINSscore.com provides Threat Intelligence database with accurate IP scores and collective defense through community and Sentinel IPS unit sourced data.
Gathers Threat Intelligence Feeds from publicly available sources and provides detailed output in CSV format.
Gathers Threat Intelligence Feeds from publicly available sources and provides detailed output in CSV format.
Define and validate YARA rule metadata with CCCS YARA Specification.
Define and validate YARA rule metadata with CCCS YARA Specification.
Globally-accessible knowledge base of adversary tactics and techniques for cybersecurity.
Globally-accessible knowledge base of adversary tactics and techniques for cybersecurity.
Repository of APT-related documents and notes sorted by year.
QRadio is a tool/framework designed to consolidate cyber threats intelligence sources.
QRadio is a tool/framework designed to consolidate cyber threats intelligence sources.
SecurityWeek provides comprehensive cybersecurity news and analysis across various security domains.
SecurityWeek provides comprehensive cybersecurity news and analysis across various security domains.
A collection of Yara rules licensed under the DRL 1.1 License.
A collection of Yara rules licensed under the DRL 1.1 License.
An interactive command line application for Open Source Intelligence collection and artifact management that enables investigation of IP addresses, domains, email addresses, file hashes, and other digital artifacts.
An interactive command line application for Open Source Intelligence collection and artifact management that enables investigation of IP addresses, domains, email addresses, file hashes, and other digital artifacts.
BW-Pot is an interactive web application honeypot that deploys vulnerable applications to attract and monitor HTTP/HTTPS attacks, with automated logging to Google BigQuery for analysis.
BW-Pot is an interactive web application honeypot that deploys vulnerable applications to attract and monitor HTTP/HTTPS attacks, with automated logging to Google BigQuery for analysis.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
A reconnaissance tool that analyzes expired domains for categorization, reputation, and Archive.org history to identify candidates suitable for phishing and C2 operations.
A reconnaissance tool that analyzes expired domains for categorization, reputation, and Archive.org history to identify candidates suitable for phishing and C2 operations.
An open source threat intelligence platform for storing and managing cyber threat intelligence knowledge.
An open source threat intelligence platform for storing and managing cyber threat intelligence knowledge.
A project focusing on understanding and combating threats to the Internet economy and net citizens.
A project focusing on understanding and combating threats to the Internet economy and net citizens.
A Flask-based honeypot that simulates Outlook Web App (OWA) environments to attract and analyze malicious activities targeting OWA systems.
A command-line tool that fetches known URLs from various sources to identify potential security threats and vulnerabilities.
A command-line tool that fetches known URLs from various sources to identify potential security threats and vulnerabilities.
A comprehensive guide to network security monitoring, teaching readers how to detect and respond to intrusions using open source software and vendor-neutral tools.
A comprehensive guide to network security monitoring, teaching readers how to detect and respond to intrusions using open source software and vendor-neutral tools.
Provides indicators of compromise (IOCs) to combat malware with Yara and Snort rules.
Provides indicators of compromise (IOCs) to combat malware with Yara and Snort rules.
Go bindings for YARA with installation and build instructions.
A threat intelligence dissemination layer for open-source security tools with STIX-2 support and plugin-based architecture.
A threat intelligence dissemination layer for open-source security tools with STIX-2 support and plugin-based architecture.
A minimalistic Java library for representing threat model data in a normalized way and automating threat intelligence extraction.
A minimalistic Java library for representing threat model data in a normalized way and automating threat intelligence extraction.
Hale is a modular botnet command and control monitoring tool that tracks C&C server communications across multiple protocols with web-based analysis interface and collaborative research capabilities.
Hale is a modular botnet command and control monitoring tool that tracks C&C server communications across multiple protocols with web-based analysis interface and collaborative research capabilities.
CrowdSec is a collaborative behavior detection engine that analyzes system logs to identify and block malicious activities using community-shared threat intelligence.
CrowdSec is a collaborative behavior detection engine that analyzes system logs to identify and block malicious activities using community-shared threat intelligence.
Repository containing MITRE ATT&CK and CAPEC threat intelligence datasets formatted in STIX 2.0 standard for cybersecurity analysis and threat intelligence sharing.
Repository containing MITRE ATT&CK and CAPEC threat intelligence datasets formatted in STIX 2.0 standard for cybersecurity analysis and threat intelligence sharing.
Maltiverse automates Threat Intelligence for small and medium-sized SecOps teams, providing an effective and affordable service.
Maltiverse automates Threat Intelligence for small and medium-sized SecOps teams, providing an effective and affordable service.
Intelligence feeds for cybersecurity professionals to stay informed about emerging threats and trends.
Intelligence feeds for cybersecurity professionals to stay informed about emerging threats and trends.
A single cybersecurity platform that provides holistic security management, prevention, detection, and response capabilities powered by AI and threat intelligence, designed to simplify and converge security operations in diverse hybrid IT environments.
A single cybersecurity platform that provides holistic security management, prevention, detection, and response capabilities powered by AI and threat intelligence, designed to simplify and converge security operations in diverse hybrid IT environments.
A Python library for handling TAXII v1.x messages and services to enable automated threat intelligence sharing and indicator exchange.
A Python library for handling TAXII v1.x messages and services to enable automated threat intelligence sharing and indicator exchange.
HpfeedsHoneyGraph is a visualization application that creates graphical representations of hpfeeds logs to aid cybersecurity analysis of honeypot data.
HpfeedsHoneyGraph is a visualization application that creates graphical representations of hpfeeds logs to aid cybersecurity analysis of honeypot data.
A collection of Yara signatures developed by Citizen Lab to detect malware used in targeted attacks against civil society organizations.
A collection of Yara signatures developed by Citizen Lab to detect malware used in targeted attacks against civil society organizations.
Open Source Threat Intelligence Gathering and Processing Framework
The FASTEST Way to Consume Threat Intelligence and make it actionable.
The FASTEST Way to Consume Threat Intelligence and make it actionable.
eCrimeLabs provides a SOAR platform for threat detection and response, integrated with MISP.
eCrimeLabs provides a SOAR platform for threat detection and response, integrated with MISP.
A tool for quick and effective Yara rule creation to isolate malware families and malicious objects.
A tool for quick and effective Yara rule creation to isolate malware families and malicious objects.
ThreatMiner is a threat intelligence portal that aggregates data from various sources and provides contextual information related to indicators of compromise (IOCs).
ThreatMiner is a threat intelligence portal that aggregates data from various sources and provides contextual information related to indicators of compromise (IOCs).
Repository of Yara Rules created by TjNel.
AhnLab PLUS is a unified security platform providing comprehensive cybersecurity solutions for businesses.
AhnLab PLUS is a unified security platform providing comprehensive cybersecurity solutions for businesses.
A tool that checks if domains are present in Alexa or Cisco top one million domain lists for reputation assessment and threat analysis.
A tool that checks if domains are present in Alexa or Cisco top one million domain lists for reputation assessment and threat analysis.
Tool for managing Yara rules on VirusTotal
Developer documentation providing REST API and SDK resources for ThreatConnect platform integration across Python, Java, and JavaScript environments.
An online hash checker utility that retrieves information from various online sources, including Virustotal, HybridAnalysis, and more.
An online hash checker utility that retrieves information from various online sources, including Virustotal, HybridAnalysis, and more.
In-depth analysis of real-world attacks and threat tactics
In-depth analysis of real-world attacks and threat tactics
A practical guide to developing a comprehensive security monitoring and incident response strategy, covering incident response fundamentals, threat analysis, and data analysis.
A practical guide to developing a comprehensive security monitoring and incident response strategy, covering incident response fundamentals, threat analysis, and data analysis.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
Open-source, free, and scalable cyber threat intelligence and security incident response solution with improved performance and new features.
Open-source, free, and scalable cyber threat intelligence and security incident response solution with improved performance and new features.
A vulnerability assessment and management tool that uses patented technology to accurately identify vulnerabilities and prioritize them by risk.
A vulnerability assessment and management tool that uses patented technology to accurately identify vulnerabilities and prioritize them by risk.
Threat intelligence platform providing real-time threat data and insights.
Threat intelligence platform providing real-time threat data and insights.
Python 3 tool for parsing Yara rules with ongoing development.
cowrie2neo parses Cowrie honeypot logs and imports the data into Neo4j databases for graph-based analysis and visualization of honeypot interactions.
Apache Metron is a centralized tool for security monitoring and analysis that integrates various open-source big data technologies.
Apache Metron is a centralized tool for security monitoring and analysis that integrates various open-source big data technologies.
A repository of Yara signatures under the GNU-GPLv2 license for the cybersecurity community.
A repository of Yara signatures under the GNU-GPLv2 license for the cybersecurity community.
NECOMA focuses on data collection, threat analysis, and developing new cyberdefense mechanisms to protect infrastructure and endpoints.
NECOMA focuses on data collection, threat analysis, and developing new cyberdefense mechanisms to protect infrastructure and endpoints.
PolySwarm is a malware intelligence marketplace that aggregates threat detection engines to provide early detection, unique samples, and higher accuracy.
PolySwarm is a malware intelligence marketplace that aggregates threat detection engines to provide early detection, unique samples, and higher accuracy.
A Python telnet honeypot that emulates shell environments to capture and analyze IoT malware and botnet binaries through automated detection mechanisms.
A Python telnet honeypot that emulates shell environments to capture and analyze IoT malware and botnet binaries through automated detection mechanisms.
An Open Source solution for management of Threat Intelligence at scale, integrating multiple analyzers and malware analysis tools.
An Open Source solution for management of Threat Intelligence at scale, integrating multiple analyzers and malware analysis tools.
An extendable tool to extract and aggregate IOCs from threat feeds, integrates with ThreatKB and MISP.
An extendable tool to extract and aggregate IOCs from threat feeds, integrates with ThreatKB and MISP.
A publicly available dataset of security incidents designed to support cybersecurity research and threat analysis.
A publicly available dataset of security incidents designed to support cybersecurity research and threat analysis.
Cortex is a tool for analyzing observables at scale and automating threat intelligence, digital forensics, and incident response.
Cortex is a tool for analyzing observables at scale and automating threat intelligence, digital forensics, and incident response.
A plugin repository that extends the Honeycomb honeypot framework with additional features and capabilities for enhanced threat detection and analysis.
A plugin repository that extends the Honeycomb honeypot framework with additional features and capabilities for enhanced threat detection and analysis.
TIH is an intelligence tool that helps you search for IOCs across multiple security feeds and APIs.
TIH is an intelligence tool that helps you search for IOCs across multiple security feeds and APIs.
A comprehensive list of APT groups and operations for tracking and mapping different names and naming schemes used by cybersecurity companies and antivirus vendors.
A comprehensive list of APT groups and operations for tracking and mapping different names and naming schemes used by cybersecurity companies and antivirus vendors.
DDoSPot is a plugin-based honeypot platform that tracks UDP-based DDoS attacks and generates daily blacklists of potential attackers and scanners.
CLI tool for ThreatCrowd.org with multiple query functions.
Recorded talks from Hack.lu 2018 covering various cybersecurity topics.
Recorded talks from Hack.lu 2018 covering various cybersecurity topics.
A comprehensive guide to developing an incident response capability through intelligence-based threat hunting, covering theoretical concepts and real-life scenarios.
A comprehensive guide to developing an incident response capability through intelligence-based threat hunting, covering theoretical concepts and real-life scenarios.
ActorTrackr is an open source web application for storing, searching, and linking threat actor intelligence data from public repositories and user contributions.
ActorTrackr is an open source web application for storing, searching, and linking threat actor intelligence data from public repositories and user contributions.
Pulsedive is a threat intelligence platform that provides frictionless threat intelligence for growing teams, offering features such as indicator enrichment, threat research, and API integration.
Pulsedive is a threat intelligence platform that provides frictionless threat intelligence for growing teams, offering features such as indicator enrichment, threat research, and API integration.
Open Source Intelligence solution for threat intelligence data enrichment and quick analysis of suspicious files or malware.
Open Source Intelligence solution for threat intelligence data enrichment and quick analysis of suspicious files or malware.
msticpy is a Python library for InfoSec investigation and threat hunting in Jupyter Notebooks, providing data querying, threat intelligence enrichment, analysis capabilities, and interactive visualizations.
msticpy is a Python library for InfoSec investigation and threat hunting in Jupyter Notebooks, providing data querying, threat intelligence enrichment, analysis capabilities, and interactive visualizations.