
Threat Intelligence

13 tools indexed

Threat intelligence platforms, incident response case management, and IOC sharing tools. These platforms help SOCs, CSIRTs, and threat analysts collect, correlate, and distribute indicators of compromise, manage security incidents collaboratively, and build structured knowledge bases of threat actors and campaigns.

MISP

PHP/Python

Open-source threat intelligence and sharing platform. Structured IOC management, feeds, correlation, and STIX/TAXII export.

Tags: threat-intel, ioc, sharing, stix
6.3k · 1.6k · 23d ago

OpenCTI

TypeScript/Python

Cyber threat intelligence platform. Knowledge management for threat data with STIX2 native storage and graph visualization.

Tags: threat-intel, stix2, knowledge-graph, neo4j
9.2k · 1.3k · 23d ago

TheHive

Scala/JavaScript

Incident response case management platform. Collaborative investigation with observable analysis, playbooks, and MISP integration.

Tags: incident-response, case-management, soc, csirt
3.9k · 689 · 10mo ago

GRR Rapid Response

Python

Remote live forensics framework by Google. Deploy agents across thousands of endpoints for artifact collection and analysis.

Tags: dfir, remote-forensics, endpoint, artifact-collection
5.1k · 797 · 1mo ago

KAPE

C#

Kroll Artifact Parser and Extractor. Fast triage collection and parsing of forensic artifacts from Windows, macOS, and Linux.

Tags: dfir, triage, artifact-collection, parsing

Cortex

Scala/Python

Observable analysis and active response engine. Analyze IOCs at scale with 100+ analyzers for IPs, hashes, URLs, and domains.

Tags: ioc-analysis, observable, enrichment, automation
1.6k · 260 · 1mo ago

osquery

C++

SQL-powered endpoint visibility. Query operating system state as a relational database for security monitoring and compliance.

Tags: endpoint-visibility, sql, fleet-management, compliance
23.2k · 2.6k · 24d ago

Wazuh

C/Python

Open-source SIEM and XDR platform. Endpoint detection, log analysis, vulnerability scanning, and compliance monitoring.

Tags: siem, xdr, endpoint-detection, log-analysis
15.4k · 2.3k · 23d ago

Sigma

Python/YAML

Generic detection rule format. Write once, convert to Splunk, Elasticsearch, QRadar, and 30+ SIEM backends.

Tags: detection-rules, siem, yaml, splunk
10.4k · 2.6k · 23d ago

IntelOwl

Python

Threat intelligence management platform integrating 100+ analyzers for enriching observables and malware samples.

Tags: threat-intel, ioc, malware-analysis, soar
4.6k · 637 · 24d ago

CrowdSec

Go

Collaborative open-source IPS with crowd-sourced threat intelligence sharing.

Tags: ids, ips, collaborative, threat-intel
13.2k · 610 · 24d ago

Snort3

C++

Next-generation open-source intrusion detection and prevention system.

Tags: ids, ips, network, detection
3.3k · 667 · 27d ago

IntelMQ

Python

Automated security feed processing framework. Collects, normalizes, and distributes threat intelligence from hundreds of sources.

Tags: threat-intelligence, feed-processing, automation, cert
1.1k · 314 · 27d ago