Awesome Cybersecurity Blue Team

A collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

Cybersecurity blue teams are groups of individuals who identify security flaws in information technology systems, verify the effectiveness of security measures, and monitor the systems to ensure that implemented defensive measures remain effective in the future. While not exclusive, this list is heavily biased towards Free Software projects and against proprietary products or corporate services. For offensive TTPs, please see awesome-pentest.

Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the Contributing Guidelines for more details. This work is licensed under a Creative Commons Attribution 4.0 International License.



Code libraries and bindings

Security Orchestration, Automation, and Response (SOAR)

See also Security Information and Event Management (SIEM), and IR management consoles.

Cloud platform security

See also

Communications security (COMSEC)

See also Transport-layer defenses.


See also awesome-devsecops.

Application or Binary Hardening

Compliance testing and reporting


See also Awesome-Fuzzing.

Policy enforcement


See also awesome-honeypots.


Host-based tools


Incident Response tools

See also awesome-incident-response.

IR management consoles

See also Security Orchestration, Automation, and Response (SOAR).

Evidence collection

Network perimeter defenses

Firewall appliances or distributions

Operating System distributions

Phishing awareness and reporting

See also awesome-pentest § Social Engineering Tools.

Preparedness training and wargaming

(Also known as adversary emulation, threat simulation, or similar.)

Security monitoring

Endpoint Detection and Response (EDR)

Network Security Monitoring (NSM)

See also awesome-pcaptools.

Security Information and Event Management (SIEM)

Service and performance monitoring

See also awesome-sysadmin#monitoring.

Threat hunting

(Also known as hunt teaming and threat detection.)

See also awesome-threat-detection.

Threat intelligence

See also awesome-threat-intelligence.

Tor Onion service defenses

See also awesome-tor.

Transport-layer defenses

macOS-based defenses

Windows-based defenses

See also awesome-windows#security and awesome-windows-domain-hardening.


