Awesome Cybersecurity Blue Team

A collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

Cybersecurity blue teams are groups of individuals who identify security flaws in information technology systems, verify the effectiveness of security measures, and monitor those systems to ensure that the defensive measures put in place remain effective over time. While not exclusive, this list is heavily biased towards Free Software projects and against proprietary products or corporate services. For offensive tactics, techniques, and procedures (TTPs), please see awesome-pentest.

Your contributions and suggestions are heartily ♥ welcome. (✿◕‿◕) Please check the Contributing Guidelines for more details. This work is licensed under a Creative Commons Attribution 4.0 International License.

Contents

Automation

Communications security (COMSEC)

DevSecOps

See also awesome-devsecops.

Fuzzing

See Awesome-Fuzzing.

Honeypots

See also awesome-honeypots.

Tarpits

Host-based tools

Incident Response tools

See also awesome-incident-response.

IR management consoles

Evidence collection

Threat hunting

(Also known as hunt teaming and threat detection.)

See also awesome-threat-detection.

Network Security Monitoring (NSM)

Network perimeter defenses

Firewall appliances or distributions

Operating System distributions

Preparedness training and wargaming

(Also known as adversary emulation, threat simulation, or similar.)

Security Information and Event Management (SIEM)

Service and performance monitoring

See also awesome-sysadmin#monitoring.

Threat intelligence

See also awesome-threat-intelligence.

Tor Onion service defenses

See also awesome-tor.

Transport-layer defenses

macOS-based defenses

Windows-based defenses

See also awesome-windows#security and awesome-windows-domain-hardening.

License

This work is licensed under a Creative Commons Attribution 4.0 International License.