Online resources related to SOC Analysts. Incident investigation reference material, blogs, newsletters, good reads, books, trainings, podcasts, Twitter/X accounts and a set of tools relevant to the role of SOC analyst.
☆47 · Feb 14, 2026 · Updated last month
Alternatives and similar repositories for awesome-soc-analyst
Users that are interested in awesome-soc-analyst are comparing it to the libraries listed below.
- Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools… ☆155 · Mar 23, 2026 · Updated last week
- MISP to Microsoft Defender integration ☆17 · Feb 24, 2026 · Updated last month
- Decloak Linux stealth rootkits hiding data with this simple memory mapped IO investigation tool. ☆29 · Sep 29, 2025 · Updated 6 months ago
- A SOC Analyst's tool to automate the investigation & validation of possible Indicators of Compromise (IOCs) and perform various tasks inc… ☆29 · Jun 22, 2022 · Updated 3 years ago
- CTI Blueprints is a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable repor… ☆283 · Mar 20, 2025 · Updated last year
- pySigma Splunk backend ☆41 · Mar 22, 2026 · Updated last week
- Generates a detailed CSV file containing Sigma Rules statistics for each service or category, and each level, offering a holistic view of… ☆10 · Dec 22, 2023 · Updated 2 years ago
- ☆16 · Jul 8, 2024 · Updated last year
- Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation. ☆53 · Oct 23, 2024 · Updated last year
- ☆12 · Jun 4, 2025 · Updated 9 months ago
- The Eventlog Compendium is the go-to resource for understanding Windows Event Logs. ☆54 · Apr 22, 2025 · Updated 11 months ago
- ATT&CK Data Model (ADM): A TypeScript library for structured interaction with MITRE ATT&CK datasets. Uses Zod schemas, TypeScript types, … ☆72 · Feb 17, 2026 · Updated last month
- CSIRT Tooling: Best Practices in Developing, Maintaining and Distributing Open Source Tools ☆16 · Feb 26, 2026 · Updated last month
- ICS/OT related Wireshark profiles + adding some other (IT or OT related) Open Source Wireshark Profiles ☆18 · Mar 21, 2025 · Updated last year
- Repository with Hunting and Detection Queries for Microsoft Sentinel and Microsoft Defender XDR ☆17 · Nov 7, 2025 · Updated 4 months ago
- A comprehensive knowledge base for security professionals to keep track of and build defenses against API attack techniques. ☆44 · Sep 12, 2024 · Updated last year
- Website searcher for SEO comparisons / OSINT ☆11 · Oct 13, 2019 · Updated 6 years ago
- Service to convert nfcapd files to ClickHouse as they are created ☆10 · Mar 22, 2025 · Updated last year
- This repo contains all the code needed to run the Cognito Vue workshop ☆14 · Jul 16, 2021 · Updated 4 years ago
- Jupyter Universe is a search engine for all infosec Jupyter notebooks ☆36 · Mar 24, 2025 · Updated last year
- Block ads and malicious domains with response policy zones ☆12 · Jun 10, 2020 · Updated 5 years ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction ☆88 · Mar 11, 2026 · Updated 2 weeks ago
- Hundred Days of Yara Challenge ☆12 · Jun 21, 2022 · Updated 3 years ago
- Pure Python netflow and DNS correlation, with reusable Frame Streams, DnsTap and Protobuf implementations ☆17 · Aug 30, 2025 · Updated 7 months ago
- 🛡️ SIGMA Detection Engineering Platform: a comprehensive AI-powered detection engineering platform for security teams to explore MITRE AT… ☆45 · Jun 28, 2025 · Updated 9 months ago
- HECTOR ☆20 · Mar 3, 2017 · Updated 9 years ago
- ☆11 · Mar 9, 2018 · Updated 8 years ago
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… ☆130 · Apr 6, 2024 · Updated last year
- ☆16 · Mar 19, 2026 · Updated last week
- Tool that gathers a customizable set of ETW telemetry and generates user-defined detections ☆47 · Jan 28, 2026 · Updated 2 months ago
- Command line tool to use the DNSDB Flexible Search API extensions. ☆16 · Aug 5, 2024 · Updated last year
- This directory contains presentations and related materials of my speaking engagements. I also use this to record historical presentation… ☆17 · Feb 13, 2025 · Updated last year
- Static file analysis for PE files ☆13 · Dec 4, 2020 · Updated 5 years ago
- A JavaScript library to convert Outlook *.msg files to *.eml ☆12 · Jun 27, 2024 · Updated last year
- A curated collection of DFIR skills and workflows for InfoSec practitioners. ☆261 · Feb 8, 2026 · Updated last month
- Scripts for ready-to-use Velociraptor instance deployment in Azure ☆14 · Jun 27, 2023 · Updated 2 years ago
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas. ☆51 · Sep 22, 2025 · Updated 6 months ago
- 🐻‍❄️ 🏹 Threat hunting with Polars and flaws.cloud AWS CloudTrail datasets. ☆14 · May 22, 2024 · Updated last year
- A home for detection content developed by the delivr.to team ☆72 · Aug 10, 2025 · Updated 7 months ago