security-operations

There are 6 repositories under security-operations topic.

• satan1a / TheRoadOfSO

  学习安全运营的记录 | The knowledge base of security operation

  security-operationscybersecuritysecurity-analysisthreat-analysissecurity-operationsocwikiknowledge-base
  Language:HTML 857

• reconmap / reconmap

  Reconmap is a collaboration-first security operations platform for infosec teams and MSSPs, enabling end‑to‑end engagement management, from reconnaissance through execution and reporting. With built-in command automation, output parsing, and AI‑assisted summaries, it delivers faster, more structured, and high‑quality security assessments.

  ai-securityai-toolsbug-bountycollaboration-platformcommand-automationdevsecopshacktoberfestinfosecmssp-toolspenetration-testingpentestingreporting-toolssecuritysecurity-automationsecurity-operationssecurity-platformsecurity-workflowvulnerabilityvulnerability-management
  Language:HTML 799

• GoogleCloudPlatform / security-analytics

  Community Security Analytics provides a set of community-driven audit & threat queries for Google Cloud

  securitygcpgoogle-cloudbigquerychroniclecloud-security-command-centeraudit-logslog-analyticsloggingnetwork-analysisnetwork-logssecurity-operationsthreat-detection
  Language:Python 346

• Kirtar22 / Litmus_Test

  Detecting ATT&CK techniques & tactics for Linux

  mitre-attackthreathuntinglinux-huntingincident-responsesecurity-operationsdefensive-securityblue-teamred-team
  Language:Roff 258

• NVISOsecurity / ee-outliers

  Open-source framework to detect outliers in Elasticsearch events

  outliersnetsecthreat-huntingstatisticssecurity-monitoringanomaly-detectionoutlier-detectionsiemcirtsecurity-operationsee-outliersmlmachine-learningstatistical-analysis
  Language:Python 209

• ControlCompass / ControlCompass.github.io

  Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques

  securityintelligencecybersecuritythreat-intelligencethreat-huntingred-teamingred-teamdetectiondetection-engineeringmitre-attacksiemsecurity-toolssecurity-operationssocinfosecinformation-security
  Language:JavaScript 136

• gbrigandi / mcp-server-wazuh

  MCP Server for Wazuh SIEM

  llmmcpmcp-servermodel-context-protocol-serverssecurity-operationssiemwazuhwazuh-integrationmodel-context-pro
  Language:Rust 136

• gerardokaztro / cybersecurity-entry-level

  Curso para aprender Ciberseguridad desde cero, en español y 100% gratis. Abarca 5 dominios fundamentales que necesitas conocer para poder dar tus primeros pasos en este apasionante mundo.

  access-controlbackupciberseguridadcybersecuritydisaster-recoveryfundamentalsincident-responsenetwork-securitysecurity-operationsseguridad-de-la-informacionseguridad-informaticatutorial
  114

• nbyiansec / sskit

  安全运维工具箱是一款面向安全运维场景的集成化利器，融合了资产管理、资产测绘、漏洞检测、配置核查、弱口令检测、批量化运维、漏洞跟踪、报告生成以及日志审计等核心功能模块。

  asset-managementasset-mappingconfiguration-verificationdevice-inspectionhost-hardeningnucleisecuritysecurity-operationssecurity-toolsvulnerability-detectionweak-password-detection
  110

• NP558565 / ISC2-CC-Cybersecurity-Study-Material

  My learning, tutorials on Cybersecurity

  access-controlbusiness-continuityincident-responsenetwork-securitysecurity-operationssecurity-principles
  Language:HTML 90
• mcp-panther

  panther-labs / mcp-panther

  Write detections, investigate alerts, and query logs from your favorite AI agents

  aicybersecuritymcp-serversecurity-operations
  Language:Python 32

• SHolzhauer / elastic-tip

  Elastic TIP is a python tool which automates the process of aggregating Threat Intelligence and ingesting the intelligence into a common format into Elasticsearch with the main goal of being used by the Security solution.

  elasticsearchsiemsecuritysecurity-operationsthreat-intelligenceioc
  Language:Python 28

• alexfrancow / iSOC

  :bar_chart: Deploy an "illegal" SOC to manage vulnerabilities on your city servers in minutes.

  blue-teambugbountybugbounty-toolcybersecuritydockerdocker-composeelasticsearchelkkibanamongodbopenvaspython3red-teamsecurity-operationssiemvulnerability-detectionw3afzabbix
  Language:Jupyter Notebook 19

• H3llKa1ser / SOC-Assistant-Guide

  A Security Operations playbook to assist blue teamers from day-to-day tasks to Digital Forensics and Incident Response (DFIR) activities.

  cyber-threat-intelligencecybersecuritydetection-engineeringdigital-forensics-incident-responsesecurity-operationsthreat-hunting
  19
• dnsbeat

  0xThiebaut / dnsbeat

  An Elasticsearch Beat to monitor DNS zones through customizable zone transfers.

  elasticsearchdnsmonitoringzone-transfersdetectionsecurity-operations
  Language:Go 13

• MrM8BRH / Defensive-Security-Hub

  A curated collection of essential resources, tools, and references for Security Operations Center (SOC) analysts.

  blueteamcheatsheetscyber-threat-intelligencedetection-engineeringdfiremail-securityincident-responselog-analysismalware-analysissecurity-operationssoc-analystthreat-huntinghunting-techniquesthreat-intel-feedsblueteam-toolsiocsecurity-operations-centersocmrm8brh
  9

• austinsonger / Interviewing

  Interviewing Help for Information Security Jobs (With Answers)

  compliancecyber-securitycybersecurityinformation-securityinterviewingnetwork-securityriskrisk-assessmentsecurity-operationsthreat-managementgovernance-risk-compliance
  6

• gapilongo / SOC

  Intelligent SOC automation framework powered by LangGraph multi-agent workflows for alert triage, correlation, and incident response

  ai-agentsalert-triagecybersecurityincident-responselangchainlanggraphmulti-agent-systempythonsecurity-automationsecurity-operationssecurity-orchestrationsocthreat-detectionthreat-intelligenceworkflow-automation
  Language:Python 5

• Balzu / Security-Events-Explorer

  A user-friendly and powerful tool to analyze Windows Security Events

  active-directoryactive-directory-exploitationactive-directory-securityblueteamblueteamingevent-viewerlog-intelligencesocwindowswindows-securityactive-directory-authenticationcehcisspsecurity-analysissecurity-operationssecurity-toolswhite-hatwindows-local-exploitwindows-logon
  Language:JavaScript 4

• aymenmarjan / MISP-Wazuh-Integration

  A comprehensive integration solution connecting MISP threat intelligence with Wazuh security monitoring for real-time threat detection. This project provides step-by-step instructions for deploying, configuring, and integrating MISP and Wazuh with Sysmon to automatically detect indicators of compromise (IoCs) in your environment.

  blue-teamcybersecuritydevsecopsincident-responseioc-detectionmispsecurity-automationsecurity-integrationsecurity-monitoringsecurity-operationssecurity-toolssysmonthreat-detectionthreat-intelligencewazuh
  3

• darkquasar / purplerepo

  🛡️⚔️ Curated GitHub repos for Defensive & Offensive Cyber Tradecraft

  automationcyber-toolscyberopsdetection-engineeringdfir-automationsecurity-operationsthreat-huntingthreat-intelligencecloudflare-workers
  Language:TypeScript 3

• databricks-industry-solutions / incident-investigation-using-graphistry

  Visual analytics using Databricks & Graphistry for cybersecurity investigations

  cybersecuritygraphinvestigationssecurity-operationsvisualization
  Language:Python 3

• Chinuaoku / ISC2-Certified-in-Cybersecurity

  This is a cybersecurity certification that proves that an individual have the fundamental knowledge, skills and ability for an entry-level or junior-level cybersecurity role. It is ANAB accredited, ISO/IEC STANDARD 17024.

  disaster-recoverynetwork-securitysecurity-operationsaccess-control-conceptsbusiness-continutityincidence-response-conceptssecurity-principles
  2
• CTDR

  Raqeeb27 / CTDR

  Cyber Threat Detection and Response: Integration of Sysmon, YARA, Sliver C2, and LimaCharlie EDR to simulate and analyze ransomware/memory dump threats

  blue-teamcyber-security-labcybersecurityedrincident-responsered-teamsocthreat-detectioncyber-defensehome-lablimacharliesecurity-operationssimulated-attackssysmonvirtualizationyarasliver-c2
  2

• austinsonger / Intel-Hash

  Takes a Onion URL and Hashes it and compares it against blacklisted hashed onion URLS

  scriptsecuritysecurity-toolssecurity-operations
  Language:Python 1

• haroutp / azure-security-architecture

  Enterprise Azure security architecture with multi-domain implementation covering identity, network, compute, and security operations

  az-500azure-architectureazure-securityazure-sentinelcloud-securitycompliancecybersecurityenterprise-securityidentity-managementkey-vaultnetwork-securitypowershellsecurity-operationssiemthreat-detection
  Language:PowerShell 1

• penxpkj / Defensive-Security-Hub

  # Defensive Security Hub A curated collection of essential resources, tools, and references for Security Operations Center (SOC) analysts. This repository aims to support your security efforts and enhance your skills. 🌐🔒

  blueteamblueteam-toolscheatsheetscyber-threat-intelligencedetection-engineeringdfiremail-securityhunting-techniquesincident-responseiocmalware-analysissecurity-operationssecurity-operations-centersocsoc-analystthreat-huntingthreat-intel-feeds
  1

• SOC-101 / SOC-Introduction

  Introduction to SOC and related terminologies.

  sochardeningincident-responseincident-response-toolingsiemsoarblue-teamscyber-threat-intelligencesecurity-operations
  1

• AWS-CSS-Portfolio / logging-monitoring

  Centralized AWS security monitoring lab using CloudTrail, CloudWatch, and Athena to detect root account usage and unauthorized API calls. Includes saved queries, dashboards and threat-hunting examples.

  athenaawscentralized-loggingcloudtrailcloudwatchlogging-and-monitoringsecurity-analyticssecurity-operationssns-alertsthreat-huntingaws-security-specialty

• dfirvault / Splunk-Case-Manager

  Splunk case manager

  dfirdfirvaultsplunkcase-managementincident-managementsecurity-operationssoc
  Language:Python

• fpeakman / Useful-Cyber-Resources

  A list of free or open source tools or resources that have proven useful over the years.

  active-directoryazureblocklistcheatsheetscyber-threat-intelligencecybersecuritycybersecurity-engineeringcybersecurity-toolsdetection-engineeringincident-responseopensourcesecurity-engineeringsecurity-hardeningsecurity-operationssecurity-operations-centersecurity-tools

• josamontiel / free-sec-tools

  A list of free cybersecurity tools with links. Creating this for my own reference. These tools are separated by category that would typically be seen in a SOC.

  cybersecuritysecurity-operationssecurity-operations-centersoc-analyst

• LyticOnaope / Phishing-Email-Analysis

  Executive phishing email analysis for VitalCare Health Solutions – includes header inspection, BEC indicators, SPF/DKIM/DMARC checks, malicious attachment & URL analysis, and a stakeholder-ready executive report with findings, impact, and recommendations.

  business-email-compromisecyber-threat-analysiscybersecurityemail-securityincident-responseioc-detectionmalware-analysisphishing-analysissecurity-operationssoc-analystthreat-huntingthreat-intelligence

• Matt-C-G / endpoint-labs

  artifactsasrautomationbitlockerdefenderendpoint-securityevidencepowershellsecurity-operationsendpointportfoliosoc
  Language:PowerShell

• Matt-C-G / sentinel-labs

  automationincident-responsekqlsc-200security-operationssentinelsocthreat-huntingworkbook

• YASHWANTgs / SOC-Ticketing-workflow-Jira-ServiceNow

  Simulated SOC ticketing workflow using Jira and serviceNow for phishing, Malware, And login alert investigations.

  incident-responsejiralogin-alertsecurity-operationsservice-nowticketing-system