Security Operations

Tools for security operations including incident response, threat hunting and SOC automation

Try these 133 AI Security Operations Tools

Splunk SOAR Community Playbooks (Free)

Fast Intercept is a security automation platform that empowers users to maximize their existing security products and automate routine tasks.

Stackstorm (Free)

An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.

Stronghold (Free)

A DFIR Playbook Spec based on YAML for collaborative incident response processes.

SyntheticSun (Free)

A custom activity repository for Ayehu NG automation platform, allowing users to create and modify activities to fit their specific needs.

sysmon-config (Free)

A collaborative and open-source incident response platform for sharing observables among analysts.

sysmon-modular (Free)

DFIRTrack is an open source web application focused on incident response for handling major incidents with many affected systems, tracking system status, tasks, and artifacts.

System Two Security (Free)

Workflows for Shuffle automation tool with structured categories and customization options.

TheHive Documentation (Free)

Automate security incident handling and facilitate real-time activities of incident handlers.

TheHive Project (Free)

A Sysmon configuration file template with detailed explanations and tutorial-like features.

The Hive (StrangeBee) (Free)

Todyl is a modular cybersecurity platform that consolidates SASE, SIEM, EDR/NGAV, MXDR, and GRC capabilities into a single-agent solution with centralized management.

Todyl (Free)

Repository of templates for Ayehu's workflows with the ability to design, execute, and automate IT and business processes.

Tracking a stolen code-signing certificate with osquery (Free)

Scumblr is a web application for periodic syncs of data sources and security analysis to streamline proactive security.

Tracecat (Free)

A collaborative and open-source incident response platform for sharing observables among analysts.

Unix-like Artifacts Collector UAC (Free)

StackStorm is an open-source automation platform that connects and automates DevOps workflows and integrates with existing infrastructure.

Untitled Goose Tool (Free)

PacBot is a platform for continuous compliance monitoring, compliance reporting, and security automation for the cloud, with a plugin-based data ingestion architecture.

VERIS Framework (Free)

A proof of concept for using the SSM Agent in Fargate for incident response.

Wazuh (Free)

An AI-powered security operations platform that automates alert investigation, triage, and response workflows for SOC analysts.

Windows 10/11 Hardening Script (Free)

A framework for accumulating, describing, and classifying actionable Incident Response techniques.

Windows Commands Abused by Attackers (Free)

A framework for accumulating, describing, and classifying actionable Incident Response techniques.

Workflow Templates Repository (Free)

Workflows for Shuffle automation tool with structured categories and customization options.

Anomali (Free)

Anomali provides an intelligence-driven cybersecurity platform designed to empower organizations with superior threat visibility, automated detection, and accelerated response capabilities. By leveraging the largest repository of AI-curated global threat intelligence and advanced automation, Anomali illuminates an organization's attack surface, quantifies investment risks, identifies emerging threats, and provides critical awareness of active attacks for decisive action. The platform enables proactive defense and efficient remediation by transforming raw threat data into actionable insights.

AI-curated global threat intelligence repository
Automated threat detection and processing
Enhanced threat visibility across the attack surface

Anvilogic (Free)

Anvilogic is a no-code intelligent platform designed to revolutionize the detection engineering workflow for Security Operations Center (SOC) teams. By enabling rapid assessment of environments and the seamless creation and deployment of attack-pattern detection code, Anvilogic delivers highly accurate, enriched alerts that accelerate automated triage and response. The platform provides a unified experience, enhancing visibility, enrichment, and context across a multitude of alerting datasets and security tools, empowering security professionals to better assess, detect, and respond using their existing technology and data.

No-code detection engineering workflow automation
Rapid environment assessment capabilities
Automated building and deployment of detection code

Axoflow (Free)

Axoflow empowers organizations to unify disparate logging, metrics, and tracing solutions into a cohesive, cloud-native observability infrastructure. Designed for cloud, on-premises, and hybrid environments, Axoflow's automated security data curation pipeline leverages AI to accelerate threat detection and response, significantly reducing compliance breaches. This vendor-agnostic platform offers an end-to-end solution for collecting, managing, and ingesting security data, transforming raw information into actionable insights for enhanced security posture and operational efficiency.

Consolidate Logs, Metrics, and Traces
Cloud-Native Observability Infrastructure
AI-Powered Threat Detection and Response