
Security Operations

Tools for security operations, including incident response, threat hunting and SOC automation.

Try these 133 AI Security Operations Tools

AbuseIO (Free)

StackStorm is an open-source automation platform that connects and automates DevOps workflows and integrates with existing infrastructure.

Admyral (Free)

Sample security playbooks for security orchestration, automation and response (SOAR) that use a Microsoft Sentinel trigger.

AIL Framework (Free)

A project that uses Athena to investigate API activity and EventBridge to send notifications of actions, for incident response and misconfiguration detection.

Alerting and Detection Strategies Framework (Free)

Splunk SOAR connectors, migrated to a new GitHub organization for better organization and management.

Anvilogic (Free)

AWS Community repository of custom Config rules with instructions for leveraging and developing AWS Config Rules.

Anomali (Free)

A collection of incident response methodologies for various security incidents, providing easy-to-use operational best practices.

Auditd Configuration Best Practices (Free)

A DFIR console integrating various cybersecurity tools and frameworks for efficient incident response.

AutoTTP (Free)

Collection of scripts and resources for DevSecOps, Security Automation and Automated Incident Response Remediation.

AWS Auto Remediate (Free)

Public documentation of the incident response process used at PagerDuty.

AWS Config Rules Repository (Free)

A remediation orchestration platform that consolidates security alerts, automates triage, and streamlines the remediation process across hybrid environments.

AWS Elastic Disaster Recovery (Free)

A data curation platform that automates security data collection, transformation and routing while reducing data volume and infrastructure cost.

aws-fast-fixes (Free)

Scalable, cost-effective application recovery to AWS.

Aurora Incident Response (Free)

A proof of concept for running the SSM Agent in Fargate for incident response.

AWS IR (Free)

Detect signed malware and track stolen code-signing certificates using osquery.

AWS Incident Response Kit (AIRK) (Free)

DFIRTrack is an open source web application focused on incident response for handling major incidents with many affected systems, tracking system status, tasks, and artifacts.

AWS Incident Response Runbook Samples (Free)

A defense-in-depth security automation and monitoring framework utilizing threat intelligence, machine learning, and serverless technologies.

AWS Incident Response Investigation of API activity using Athena and notification of actions using EventBridge (Free)

An AI-powered security operations platform that automates alert investigation, triage, and response workflows for SOC analysts.

AWS Security Automation (Free)

A web collaborative platform for incident responders to share technical details during investigations, shipped in Docker containers for easy installation and upgrades.

AWS Security Architectures (Free)

A Serverless Security Orchestration Automation and Response (SOAR) Framework for AWS GuardDuty with various supported actions.

AxoFlow (Free)

CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.

Beagle (Free)

Fast suspicious file finder for threat hunting and live forensics.

Catalyst (Free)

Repository of playbooks, scripts, and templates for automating and orchestrating Security Operations.

CBRX (Free)

StackStorm is an open-source automation platform that connects and automates DevOps workflows and integrates with existing infrastructure.

CimSweep (Free)

A collection of Cyber Incident Response Playbook Battle Cards (PBC) for combating cyber threats and attacks, following a prescriptive approach inspired by the CERT Societe Generale Incident Response Methodologies (IRM).