Cybersecurity Evaluation Tool
☆1,770Feb 28, 2026Updated this week
Alternatives and similar repositories for cset
Users that are interested in cset are comparing it to the libraries listed below
Sorting:
- Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an…☆2,344Feb 19, 2026Updated last week
- Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 en…☆1,430Dec 27, 2022Updated 3 years ago
- A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE AT…☆1,208Feb 20, 2026Updated last week
- Automation to assess the state of your M365 tenant against CISA's baselines☆2,470Updated this week
- GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]☆1,541Jul 28, 2024Updated last year
- CISA's catalog of bad practices that are exceptionally risky.☆208Updated this week
- RedEye is a visual analytic tool supporting Red & Blue Team operations☆2,738Oct 20, 2023Updated 2 years ago
- A set of guidelines and best practices for an awesome engineering team☆268Updated this week
- Automated Adversary Emulation Platform☆6,781Updated this week
- Detect Tactics, Techniques & Combat Threats☆2,264Jan 21, 2026Updated last month
- Small and highly portable detection tests based on MITRE's ATT&CK.☆11,632Updated this week
- Logging Made Easy (LME) is a no cost, open source platform that centralizes log collection, enhances threat detection, and enables real-t…☆1,380Updated this week
- Open Cyber Threat Intelligence Platform☆8,893Updated this week
- ☆2,388Oct 14, 2023Updated 2 years ago
- A knowledge base of actionable Incident Response techniques☆662May 31, 2022Updated 3 years ago
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…☆4,486Jan 12, 2026Updated last month
- Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.☆2,916Updated this week
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…☆2,515Jan 12, 2026Updated last month
- MISP (core software) - Open Source Threat Intelligence and Sharing Platform☆6,150Updated this week
- IntelOwl: manage your Threat Intelligence at scale☆4,467Updated this week
- Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysi…☆1,300Jun 1, 2023Updated 2 years ago
- Main Sigma Rule Repository☆10,156Updated this week
- TrustedSec Sysinternals Sysmon Community Guide☆1,372Feb 10, 2026Updated 3 weeks ago
- A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data int…☆2,445Feb 24, 2026Updated last week
- 🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.☆5,167Jul 15, 2024Updated last year
- External monitoring for organization assets☆419Jun 5, 2024Updated last year
- Contact: CRT@crowdstrike.com☆750Apr 27, 2023Updated 2 years ago
- Memory Forensic System on Cloud☆92Dec 21, 2023Updated 2 years ago
- A DFIR tool written in Python.☆1,053Jun 9, 2021Updated 4 years ago
- 🚨ATTENTION🚨 The NIST 800-53 mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept…☆495Apr 3, 2024Updated last year
- A curated list of tools for incident response☆8,842Jul 18, 2024Updated last year
- Open Source Security Events Metadata (OSSEM)☆1,288Feb 27, 2023Updated 3 years ago
- Automate the creation of a lab environment complete with security tooling and logging best practices☆4,908Jul 6, 2024Updated last year
- Digging Deeper....☆3,784Updated this week
- Re-play Security Events☆1,723Mar 20, 2024Updated last year
- Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mand…☆7,529Oct 16, 2025Updated 4 months ago
- Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK☆1,078Nov 28, 2024Updated last year
- Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by devel…☆719Nov 14, 2025Updated 3 months ago
- Six Degrees of Domain Admin☆10,540Aug 1, 2025Updated 7 months ago