Awesome Cybersecurity Blue Team

A collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

Cybersecurity blue teams are groups of individuals who identify security flaws in information technology systems, verify the effectiveness of security measures, and monitor the systems to ensure that implemented defensive measures remain effective in the future. While not exclusive, this list is heavily biased towards Free Software projects and against proprietary products or corporate services. For offensive TTPs, please see awesome-pentest.Your contributions and suggestions are heartily ♥ welcome. (✿◕‿◕). Please check the Contributing Guidelines for more details. This work is licensed under a Creative Commons Attribution 4.0 International License.Many cybersecurity professionals enable racist state violence, wittingly or unwittingly, by providing services to local, state, and federal policing agencies or otherwise cooperating with similar institutions who do so. This evil most often happens through the coercive mechanism of employment under threat of lack of access to food, shelter, or healthcare. Despite this list's public availability, it is the maintainer's intention and hope that this list supports the people and organizations who work to counter such massive albeit banal evil. Image of a raised fist composed of the names of Black people murdered by taxpayer-funded racist police violence.

Image of a raised fist composed of the names of Black people murdered by taxpayer-funded racist police violence.

Image of a "Blue Lives Matter" flag with the thin blue line being peeled away to reveal a Nazi swastika underneath.

DEFUND THE POLICE.Contents

Automation and Convention

Code libraries and bindings

Security Orchestration, Automation, and Response (SOAR)

Cloud platform security

Distributed monitoring

Kubernetes

Service meshes

Communications security (COMSEC)

DevSecOps

Application or Binary Hardening

Compliance testing and reporting

Dependency confusion

Fuzzing

Policy enforcement

Supply chain security

Identity and AuthN/AuthZ

Incident Response tools

IR management consoles

Evidence collection

Network perimeter defenses

Firewall appliances or distributions

Operating System distributions

Phishing awareness and reporting

Preparedness training and wargaming

Post-engagement analysis and reporting

Security configurations

Security monitoring

Endpoint Detection and Response (EDR)

Network Security Monitoring (NSM)

Security Information and Event Management (SIEM)

Service and performance monitoring

Threat hunting

Threat intelligence

Fingerprinting

Threat signature packages and collections

Tor Onion service defenses

Transport-layer defenses

Overlay and Virtual Private Networks (VPNs)

macOS-based defenses

Windows-based defenses

Active Directory

Automation and Convention

Ansible Lockdown - Curated collection of information security themed Ansible roles that are both vetted and actively maintained.

Clevis - Plugable framework for automated decryption, often used as a Tang client.

DShell - Extensible network forensic analysis framework written in Python that enables rapid development of plugins to support the dissection of network packet captures.

Awesome Cybersecurity Blue Team

A collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

Your contributions and suggestions are heartily ♥ welcome. (✿◕‿◕). Please check the Contributing Guidelines for more details. This work is licensed under a Creative Commons Attribution 4.0 International License.

Many cybersecurity professionals enable racist state violence, wittingly or unwittingly, by providing services to local, state, and federal policing agencies or otherwise cooperating with similar institutions who do so. This evil most often happens through the coercive mechanism of employment under threat of lack of access to food, shelter, or healthcare. Despite this list's public availability, it is the maintainer's intention and hope that this list supports the people and organizations who work to counter such massive albeit banal evil.

Image of a raised fist composed of the names of Black people murdered by taxpayer-funded racist police violence.

Image of a "Blue Lives Matter" flag with the thin blue line being peeled away to reveal a Nazi swastika underneath.

DEFUND THE POLICE.

Automation and Convention
Code libraries and bindings
Security Orchestration, Automation, and Response (SOAR)
Cloud platform security
Distributed monitoring
Kubernetes
Service meshes
Communications security (COMSEC)
DevSecOps
Application or Binary Hardening
Compliance testing and reporting
Dependency confusion
Fuzzing
Policy enforcement
Supply chain security
Honeypots
Tarpits
Host-based tools
Sandboxes
Identity and AuthN/AuthZ
Incident Response tools
IR management consoles
Evidence collection
Network perimeter defenses
Firewall appliances or distributions
Operating System distributions
Phishing awareness and reporting
Preparedness training and wargaming
Post-engagement analysis and reporting
Security configurations
Security monitoring
Endpoint Detection and Response (EDR)
Network Security Monitoring (NSM)
Security Information and Event Management (SIEM)
Service and performance monitoring
Threat hunting
Threat intelligence
Fingerprinting
Threat signature packages and collections
Tor Onion service defenses
Transport-layer defenses
Overlay and Virtual Private Networks (VPNs)
macOS-based defenses
Windows-based defenses
Active Directory

Automation and Convention

Ansible Lockdown - Curated collection of information security themed Ansible roles that are both vetted and actively maintained.
Clevis - Plugable framework for automated decryption, often used as a Tang client.
DShell - Extensible network forensic analysis framework written in Python that enables rapid development of plugins to support the dissection of network packet captures.