Threat Intelligence
Explore 151 curated tools and resources
LATEST ADDITIONS
An IP address intelligence API that provides geolocation data and threat detection capabilities for IPv4 and IPv6 addresses.
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
AIL Framework is a modular system for analyzing and detecting information leaks from unstructured data sources, with capabilities for data extraction, correlation, and integration with threat intelligence platforms.
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
The Ransomware Tool Matrix is a repository that lists and categorizes tools used by ransomware gangs, aiding in threat hunting, incident response, and adversary emulation.
TheHive is a case management platform for security operations teams that facilitates incident response, threat analysis, and team collaboration.
The Upstream Security Platform is a cloud-based solution for monitoring and securing connected vehicles and mobility IoT devices, offering features such as cybersecurity detection, API protection, and fraud detection.
RogueApps is a collaborative repository documenting TTPs of malicious OIDC/OAuth 2.0 applications for cybersecurity research and awareness.
Akamai Hunt is a managed threat hunting service that detects and remediates evasive security risks in network environments using data analysis, AI, and expert investigation.
Infinity Platform / Infinity AI is an AI-powered threat intelligence and generative AI service that combines AI-powered threat intelligence with generative AI capabilities for comprehensive threat prevention, automated threat response, and efficient security administration.
Provides advanced external threat intelligence to help organizations proactively identify and mitigate potential security threats.
A tool for identifying potential security threats by fetching known URLs and filtering out URLs with open redirection or SSRF parameters.
VirusTotal API v3 is a threat intelligence platform for scanning files, URLs, and IP addresses, and retrieving reports on threat reputation and context.
Microsoft Defender for Endpoint is a comprehensive endpoint security solution that provides industry-leading, multi-platform detection and response capabilities.
A cybersecurity blog from Microsoft, featuring articles and guides on various security topics, including AI, threat intelligence, cloud security, and incident response.
A platform for accessing threat intelligence and collaborating on cyber threats.
A defense-in-depth security automation and monitoring framework utilizing threat intelligence, machine learning, and serverless technologies.
A project sharing malicious URLs used for malware distribution to help protect networks.
A threat intelligence domain/IP/hash threat feeds checker that checks IPVoid, URLVoid, Virustotal, and Cymon.
Malware Patrol offers a range of threat intelligence solutions, including enterprise data feeds, DNS firewall, phishing threat intelligence, and small business protection.
A repository of freely usable Yara rules for detection systems, with automated error detection workflows.
A project providing open-source YARA rules for malware and malicious file detection
Repository of YARA rules for identifying and classifying malware.
A Python library for querying ThreatCrowd's API for email, IP, domain, and antivirus reports
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
Comprehensive suite for advanced file analysis and software supply chain security.
A knowledge base of analytics developed by MITRE based on the MITRE ATT&CK adversary model.
MetaDefender Cloud offers advanced threat prevention using technologies like Multiscanning, Deep CDR, and Sandbox.
A list of most queried domains based on passive DNS usage across the Umbrella global network.
Facilitating exchange of information and knowledge to collectively protect against cyberattacks.
A comprehensive guide to digital forensics and incident response, covering incident response frameworks, digital forensic techniques, and threat intelligence.
CRITs is an open source malware and threat repository for collaborative threat defense and analysis.
A new approach to computer network defense that leverages knowledge about advanced persistent threats, using a kill chain model to describe phases of intrusions and map adversary kill chain indicators to defender courses of action.
A comprehensive Threat Intelligence Program Management Solution for managing the entire CTI lifecycle.
Threat intelligence and digital risk protection platform
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol, with a focus on incident handling automation and threat intelligence processing.
OpenIOC editor for building and manipulating threat intelligence data with support for various systems.
Aggregates security threats from online sources and outputs to various formats.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.
A collection of YARA rules for public use, built from intelligence profiles and file work.
GCTI's open-source detection signatures for malware and threat detection
A minimal library to generate YARA rules from JAVA with maven support.
A program to extract IOCs from text files using regular expressions
Automate OSINT for threat intelligence and attack surface mapping with SpiderFoot.
A tool for navigating and annotating ATT&CK matrices with the ability to define custom layers for specific views.
A free threat intelligence feed and banlist feed of known malicious IP addresses for public use only.
A framework for managing cyber threat intelligence in structured formats.
HTB Academy offers guided cybersecurity training with industry certifications to help you become a market-ready professional.
A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.
Tool for dataviz and statistical analysis of threat intelligence feeds, presented in cybersecurity conferences for measuring IQ of threat intelligence feeds.
KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.
MISP is an open source threat intelligence platform that enhances threat information sharing and analysis.
Platform providing community-driven threat intelligence on cyber threats with a focus on malware and botnets.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
A python3 application for querying sites hosting publicly pasted data and scanning for sensitive information.
Analyze suspicious files, domains, IPs, and URLs to detect malware and other breaches, and share results with the security community.
Interactive online malware sandbox for real-time analysis and threat intelligence
A system for collecting, managing, and distributing security information on a large scale, developed by CERT Polska.
A set of rules for detecting threats in various formats, including Snort, Yara, ClamAV, and HXIOC.
A collection of public YARA signatures for various malware families.
Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.
Open Source Threat Intelligence Collector with plugin-oriented framework.
Facilitates distribution of Threat Intelligence artifacts to defensive systems.
VX-Underground is a vast online repository of malware samples, featuring various collections for cybersecurity professionals and researchers to analyze and combat cyber threats.
Knowledge base workflow management dashboard for YARA rules and C2 artifacts.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
Repository of scripts, signatures, and IOCs related to various malware analysis topics.
Forager is a threat intelligence tool that simplifies the retrieval, storage, and maintenance of threat data with a user-friendly interface and support for various data sources.
A Security Orchestration, Automation and Response (SOAR) platform for incident response and threat hunting.
Repository containing IoCs related to Volexity's threat intelligence blog posts and tools.
Maltrail is a malicious traffic detection system utilizing blacklists and heuristic mechanisms.
Dataplane.org is a nonprofit organization providing free data, tools, and analysis to increase awareness of Internet trends, anomalies, threats, and misconfigurations.
A daily updated summary of security advisories from various sources
Maldatabase is a threat intelligence platform providing malware datasets and threat intelligence feeds for malware data science and threat intelligence.
A method for profiling SSL/TLS Clients with easy-to-produce client fingerprints.
An Active Defense framework for detecting and responding to phishing attacks in Office 365 Message Trace logs.
Repository of automatically generated YARA rules from Malpedia's YARA-Signator with detailed statistics.
A comprehensive list of IP addresses for cybersecurity purposes, including threat intelligence, incident response, and security research.
CAPEC™ is a comprehensive dictionary of known attack patterns used by adversaries to exploit weaknesses in cyber-enabled capabilities.
Unified defense platform providing endpoint protection, extended detection and response, threat hunting, and digital forensics and incident response.
Collection of YARA signatures from recent malware research.
YARA signature and IOC database for LOKI and THOR Lite scanners with high quality rules and IOCs.
Utilize Jupyter Notebooks to enhance threat hunting capabilities by focusing on different threat categories or stages.
Naked Security by Sophos offers expert insights and practical advice on cybersecurity threats and protection strategies.
In-depth threat intelligence reports and services providing insights into real-world intrusions, malware analysis, and threat briefs.
A tool for fetching and visualizing cyber threat intelligence data with Elasticsearch and Kibana integration.
Bindings for the Yara library from VirusTotal with support for Yara v4.2 and various features like rule compilation and scanning.
A centralized tool for security monitoring and analysis that integrates various open source big data technologies.
Platform for the latest threat intelligence information
CyBot is a free and open source threat intelligence chat bot with a community-driven plugin framework.
RiskAnalytics Solutions offers community projects for cyber threat intelligence sharing and collaboration.
CINSscore.com provides Threat Intelligence database with accurate IP scores and collective defense through community and Sentinel IPS unit sourced data.
Gathers Threat Intelligence Feeds from publicly available sources and provides detailed output in CSV format.
Define and validate YARA rule metadata with CCCS YARA Specification.
Globally-accessible knowledge base of adversary tactics and techniques for cybersecurity.
Repository of APT-related documents and notes sorted by year.
QRadio is a tool/framework designed to consolidate cyber threats intelligence sources.
SecurityWeek provides comprehensive cybersecurity news and analysis across various security domains.
A collection of Yara rules licensed under the DRL 1.1 License.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
An open source threat intelligence platform for storing and managing cyber threat intelligence knowledge.
A project focusing on understanding and combating threats to the Internet economy and net citizens.
A command-line tool that fetches known URLs from various sources to identify potential security threats and vulnerabilities.
A comprehensive guide to network security monitoring, teaching readers how to detect and respond to intrusions using open source software and vendor-neutral tools.
Provides indicators of compromise (IOCs) to combat malware with Yara and Snort rules.
A threat intelligence dissemination layer for open-source security tools with STIX-2 support and plugin-based architecture.
A minimalistic Java library for representing threat model data in a normalized way and automating threat intelligence extraction.
Repository containing MITRE ATT&CK and CAPEC datasets in STIX 2.0 for cybersecurity threat modeling.
Maltiverse automates Threat Intelligence for small and medium-sized SecOps teams, providing an effective and affordable service.
Intelligence feeds for cybersecurity professionals to stay informed about emerging threats and trends.
A single cybersecurity platform that provides holistic security management, prevention, detection, and response capabilities powered by AI and threat intelligence, designed to simplify and converge security operations in diverse hybrid IT environments.
Repository of Yara signatures for detecting targeted attacks on civil society organizations
Open Source Threat Intelligence Gathering and Processing Framework
The FASTEST Way to Consume Threat Intelligence and make it actionable.
eCrimeLabs provides a SOAR platform for threat detection and response, integrated with MISP.
A tool for quick and effective Yara rule creation to isolate malware families and malicious objects.
ThreatMiner is a threat intelligence portal that aggregates data from various sources and provides contextual information related to indicators of compromise (IOCs).
AhnLab PLUS is a unified security platform providing comprehensive cybersecurity solutions for businesses.
Comprehensive documentation for ThreatConnect's REST API and SDKs.
An online hash checker utility that retrieves information from various online sources, including Virustotal, HybridAnalysis, and more.
In-depth analysis of real-world attacks and threat tactics
A practical guide to developing a comprehensive security monitoring and incident response strategy, covering incident response fundamentals, threat analysis, and data analysis.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
Open-source, free, and scalable cyber threat intelligence and security incident response solution with improved performance and new features.
A vulnerability assessment and management tool that uses patented technology to accurately identify vulnerabilities and prioritize them by risk.
Threat intelligence platform providing real-time threat data and insights.
Python 3 tool for parsing Yara rules with ongoing development.
Apache Metron is a centralized tool for security monitoring and analysis that integrates various open-source big data technologies.
A repository of Yara signatures under the GNU-GPLv2 license for the cybersecurity community.
NECOMA focuses on data collection, threat analysis, and developing new cyberdefense mechanisms to protect infrastructure and endpoints.
PolySwarm is a malware intelligence marketplace that aggregates threat detection engines to provide early detection, unique samples, and higher accuracy.
An Open Source solution for management of Threat Intelligence at scale, integrating multiple analyzers and malware analysis tools.
A tool for detecting capabilities in executable files, providing insights into a program's behavior and potential malicious activities.
An extendable tool to extract and aggregate IOCs from threat feeds, integrates with ThreatKB and MISP.
A comprehensive and unrestricted dataset of security incidents for research and decision-making
Cortex is a tool for analyzing observables at scale and automating threat intelligence, digital forensics, and incident response.
TIH is an intelligence tool that helps you search for IOCs across multiple security feeds and APIs.
A comprehensive list of APT groups and operations for tracking and mapping different names and naming schemes used by cybersecurity companies and antivirus vendors.
CLI tool for ThreatCrowd.org with multiple query functions.
Recorded talks from Hack.lu 2018 covering various cybersecurity topics.
A comprehensive guide to developing an incident response capability through intelligence-based threat hunting, covering theoretical concepts and real-life scenarios.
Open source web app for storing and searching Actor related data from users and public repositories.
A collection of publicly available YARA rules for detecting and classifying malware.
Pulsedive is a threat intelligence platform that provides frictionless threat intelligence for growing teams, offering features such as indicator enrichment, threat research, and API integration.
Open Source Intelligence solution for threat intelligence data enrichment and quick analysis of suspicious files or malware.
msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks with extensive functionality for log data analysis, threat intelligence enrichment, and visualization.
Detect capabilities in executable files and identify potential behaviors.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
RoboShadow
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Commercial
Vulnerability Management
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security