Tool categories
| Category | Tool(s) | Alternatives / Notes |
|---|---|---|
| Adversary Emulation | Atomic Red Team, CALDERA, Stratus Red Team | PurpleSharp, Red Team Automation Framework (RTAF), Invoke-Adversary |
| Detection Engineering | Sigma, YARA, Splunk SPL, Elastic EQL, Chronicle YARA-L | SnapAttack Rule Builder, ForgeRock ThreatMapper, Loki LogQL |
| Automation & CI/CD | Detection-as-Code CI (GitHub Actions, GitLab CI), Ansible, Jenkins | DetEct, Falco Test Suite, DeepAlert |
| Validation & Replay | VECTR, Atomic CLI, Detection Lab, SCYTHE | AttackIQ, SafeBreach, Uber Metta |
| Ticketing & Reporting | Jira, Confluence, ServiceNow, TheHive | GitHub Issues, Azure DevOps Boards |
| SIEM & Dashboards | Elastic (Kibana), Splunk, Grafana, Azure Sentinel | Power BI, Sumo Logic, Observable Notebooks |
| Telemetry Collection | Sysmon, Osquery, Zeek, Windows Event Logs, CloudTrail | AuditD, Wazuh, eBPF Tools (Tetragon, Cilium Hubble) |
| Rule Generation | Zeus Cloud, Uncoder.io (Sigma IDE), SnapAttack Platform | Manual scripting in Python/YAML |
| Remediation Automation | SOAR (Cortex XSOAR, Splunk SOAR), Sentinel Playbooks | Shuffle, StackStorm |