In this article, we introduce 15 widely used Blue Team tools. These are among the most important and most commonly used tools in the Blue Team area; all of them are free and open source, so you can use them without paying.
Tool 1 – TheHive
TheHive is a free and open-source platform built to ease the work of professionals in SOC, CSIRT, and CERT teams, who constantly face security events and a variety of risks. It also works well when integrated with other tools such as MISP. With its many features and support for multiple analysts, TheHive makes it easy to focus on events and attacks and on their analysis.
- Website address: https://thehive-project.org
Tool 2 – OSSIM
OSSIM is provided by AlienVault, which is now part of AT&T Security. AT&T has two SIEMs: USM, which is commercial and has more features, and OSSIM, which is free and open source but more limited than USM. This SIEM can be easily set up and installed for free, and it handles threat identification and prevention and data analysis for us.
- Website address: https://cybersecurity.att.com/products/ossim/download
Tool 3 – The HELK
If you are active in Blue Team work and Threat Hunting, you have probably heard of this tool. It was created and developed by Roberto Rodriguez, known by the pseudonym Cyb3rWard0g, under the GPL v3 license. It is built on the ELK stack, and other tools such as Spark and Kafka are used as well.
- Website address: https://github.com/Cyb3rWard0g/HELK
Tool 4 – Wireshark
Wireshark is another widely used tool in security analysis, and I use this tool a lot in traffic analysis. Wireshark is free and open source, and with it we can easily monitor and analyze network traffic. It is not only a security tool; it is also used in other areas, such as troubleshooting network communication, and for investigating malicious processes and attacks such as MITM.
- Website address: https://www.wireshark.org/download.html
Tool 5 – Atomic Red Team
This tool checks how security controls and security equipment perform against various attacks. It can quickly test security controls by executing multiple attacks mapped to MITRE ATT&CK.
- Website address: https://github.com/redcanaryco/atomic-red-team
Tool 6 – MISP
MISP is not a simple tool; it is known as a complete Cyber Threat Intelligence platform through which we can receive or share Cyber Threat Intelligence.
- Website address: https://www.misp-project.org/
Tool 7 – Snort
Snort is one of the most widely used IDS/IPS systems at the enterprise level. This free and open-source tool was first provided by Sourcefire, which was acquired by Cisco in 2013. The tool is still free and open source.
- Website address: https://www.snort.org/
Tool 8 – Suricata
Suricata, like Snort, is a free and open-source IDS/IPS through which we can detect and prevent attacks. Another feature of Suricata is its NSM (Network Security Monitoring) capability.
- Website address: https://suricata.io/
Tool 9 – Security Onion
Security Onion is a Linux distribution that bundles multiple platforms, making it a single platform for threat detection, network monitoring, and incident response. Security Onion is entirely free and open source.
- Website address: https://securityonionsolutions.com/
Tool 10 – Cuckoo
When we deal with malware of different types, such as worms and rootkits, we need a very good understanding of it. To gain that understanding, we need an environment isolated from the system, called a sandbox. Cuckoo is a very powerful sandbox for malware analysis.
- Website address: https://cuckoo.sh/blog/
Tool 11 – OSQuery
The OSQuery tool works through commands in the form of SQL queries. We can use it to identify threats and to analyze logs; in OSQuery this is done via SQL statements.
- Website address: https://osquery.io/
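As an added example (not from the original article), three hunting queries of the kind OSQuery answers with SQL, assumed to be run interactively with osqueryi on a Linux host. Table and column names are the standard osquery schema; the web-server and shell process names in the last query are an assumed detection rule, not something the article specifies.

```sql
-- 1. Processes whose executable no longer exists on disk.
--    on_disk = 0 means the binary was deleted after the process started,
--    a common sign of in-memory-only tooling; -1 means unknown.
SELECT p.pid, p.name, p.path, p.cmdline, u.username
FROM processes AS p
LEFT JOIN users AS u ON u.uid = p.uid
WHERE p.on_disk = 0;

-- 2. Listening TCP sockets mapped back to the owning process and its SHA-256,
--    so an unexpected listener can be attributed and checked against threat intel.
--    protocol 6 = TCP; port 0 rows are unbound sockets and are skipped.
SELECT lp.port, lp.address, p.pid, p.name, p.path, h.sha256
FROM listening_ports AS lp
JOIN processes AS p ON p.pid = lp.pid
LEFT JOIN hash AS h ON h.path = p.path
WHERE lp.protocol = 6
  AND lp.port != 0
  AND p.path != ''
ORDER BY lp.port;

-- 3. Shells spawned directly by a web-server process (assumed rule):
--    a typical webshell indicator worth alerting on in a SOC.
SELECT p.pid, p.name, p.cmdline, pp.pid AS parent_pid, pp.name AS parent_name
FROM processes AS p
JOIN processes AS pp ON pp.pid = p.parent
WHERE pp.name IN ('nginx', 'apache2', 'httpd')
  AND p.name IN ('sh', 'bash', 'dash');
```

The same statements can be scheduled in osqueryd's query pack so matches are logged continuously instead of queried by hand.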
Tool 12 – Sysmon
Sysmon is part of the Sysinternals software suite provided by Microsoft. It allows us to monitor and analyze Windows system events and logs. Through Sysmon, we can investigate system events and use them to identify threats and respond to incidents. This software has become one of the most widely used tools in SOC work and threat hunting.
More: Sysmon 101 – What Is Sysmon? And How To Install Sysmon
Tool 13 – CALDERA
This tool, from MITRE, can emulate Red Team attacks using MITRE ATT&CK tactics and techniques.
- Website address: https://github.com/mitre/caldera
Tool 14 – Demisto
One of the tedious parts of the job for security engineers and analysts is repetitive tasks. To solve this problem we need platforms such as SOAR (Security Orchestration, Automation and Response). Demisto is one such SOAR platform, and you can download its Community edition from the site.
- Website address: https://www.demisto.com/community/
Tool 15 – Volatility
Volatility is one of the most popular tools among people who work in SOC and security analysis. It is a free and open-source tool for performing forensics at the memory (RAM) level. It is one of the most successful memory forensics tools, allowing us to quickly analyze and identify threats and extract various data from a single memory image.
- Website address: https://github.com/volatilityfoundation/volatility