Cradle alternatives for AI agents.

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Open-source AI-powered Security Operations Center — alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable.

A collection of resources for Threat Hunters

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

AssemblyLine 4: File triage and malware analysis

GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

Volatility 3.0 development

Digging Deeper....

The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs

Collaborative Incident Response platform

Cortex: a Powerful Observable Analysis and Active Response Engine

UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.

Monzo's real-time incident response and reporting tool ⚡️

Free educational courses in cybersecurity, reverse engineering, malware analysis, and programming designed to expand access, build practical skills, and support the next generation of cyber defenders.