These are tools discussed Learning Ransomware Response & Recovery by W. Curtis Preston and Dr. Mike Saylor. Browse the list of all tools or get the book.
Inclusion in this directory does not indicate endorsement.
If you see a missing tool, leave a comment!
Security Information and Event Management (SIEM) platforms collect, correlate, and analyze security logs and events from across the infrastructure to detect threats and support incident response.
Commercial
- Splunk – https://www.splunk.com – Enterprise SIEM and log analysis platform
- IBM QRadar – https://www.ibm.com/qradar – Enterprise SIEM with correlation engine
- Azure Sentinel – https://azure.microsoft.com/en-us/products/microsoft-sentinel – Cloud-native SIEM
- ArcSight – https://www.microfocus.com/en-us/cyberres/secops/arcsight-esm – Enterprise SIEM platform
- LogRhythm – https://logrhythm.com – SIEM with timeline analysis capabilities
- Sumo Logic – https://www.sumologic.com – Cloud-native log analysis and SIEM
- AWS GuardDuty – https://aws.amazon.com/guardduty – AWS threat detection service (has free tier)
Free/Open Source
- ELK Stack – https://www.elastic.co/elastic-stack – Open-source log analysis stack (Elasticsearch, Logstash, Kibana)
- Graylog – https://graylog.org – Open-source centralized logging platform
- OSSIM/AlienVault OSSEC – https://sourceforge.net/projects/os-sim/ – Open-source SIEM