CTI Tools
Discover a selection of essential tools for Cyber Threat Intelligence: sharing platforms, analysis frameworks, and investigation tools.
17 tools found
MISP
Threat information sharing platform (Free and Open Source)
Usage
Platform for sharing threat information and indicators of compromise.
Key features
- IOC sharing
- Event correlation
- REST API
- Web interface
Installation
Installation via package manager or Docker
Documentation
Complete documentation available
Community
Large international community
OpenCTI
Threat knowledge management platform (Free and Open Source)
Usage
Platform for managing threat knowledge and cyber threat analysis.
Key features
- Knowledge management
- Graph visualization
- GraphQL API
- Integration with other tools
Installation
Installation via Docker
Documentation
Complete documentation available
Community
Active community
ThreatFox
Threat intelligence platform (Free and Open Source)
Usage
Threat intelligence platform with API for integration.
Key features
- IOC database
- REST API
- Data export
- Integration with other tools
Installation
Web service, access via API
Documentation
API documentation available
Community
Active community
Cortex
Threat analysis platform (Free and Open Source)
Usage
Threat analysis platform with support for multiple analyzers.
Key features
- Multiple analyzers
- REST API
- Web interface
- Integration with TheHive
Installation
Installation via Docker
Documentation
Documentation on GitHub
Community
Active community
MITRE ATT&CK
Knowledge framework on adversary tactics and techniques (Free)
Usage
Knowledge framework on adversary tactics and techniques for threat modeling.
Key features
- Attack matrix
- Tactics and techniques
- Adversary groups
- Malware
Installation
Web service, no installation required
Documentation
Complete documentation available
Community
Large international community
STIX
Standard for exchanging cyber threat information (Free)
Usage
Standardized format for exchanging cyber threat information.
Key features
- Standardized format
- Integration with TAXII
- JSON support
- Extensible
Installation
Libraries available for different languages
Documentation
OASIS documentation available
Community
OASIS community
TAXII
Protocol for threat information exchange (Free)
Usage
Protocol for exchanging threat information between platforms.
Key features
- Secure exchange
- Integration with STIX
- REST API
- HTTPS support
Installation
Libraries available for different languages
Documentation
OASIS documentation available
Community
OASIS community
VERIS
Security incident classification framework (Free)
Usage
Framework for classifying and analyzing security incidents.
Key features
- Standardized classification
- Security metrics
- Incident reports
- Incident database
Installation
Web service, no installation required
Documentation
Documentation available on the website
Community
VERIS community
YARA
Pattern detection tool (Free and Open Source)
Usage
Tool for detecting patterns in files and memory.
Key features
- Customizable rules
- Pattern detection
- Multi-platform support
- Integration with other tools
Installation
Installation via package manager
Documentation
Documentation on GitHub
Community
Large community on GitHub
VirusTotal
File and URL analysis service (Free with premium version)
Usage
Service for analyzing files and URLs to detect malware.
Key features
- Multi-engine analysis
- API available
- Artificial intelligence
- Detailed reports
Installation
Cloud service, access via web interface or API
Documentation
API documentation available
Community
Large user community
Cuckoo Sandbox
Malware analysis environment (Free and Open Source)
Usage
Environment for automated analysis of malware and suspicious files.
Key features
- Malware analysis
- Detailed reports
- REST API
- Web interface
Installation
Installation via package manager or Docker
Documentation
Complete documentation available
Community
Large community
AlienVault OTX
Threat intelligence platform (Free)
Usage
Threat intelligence platform with community sharing.
Key features
- Community pulses
- Indicators of compromise
- API available
- Customizable alerts
Installation
Cloud service, access via web interface or API
Documentation
API documentation available
Community
Large international community
AbuseIPDB
Database of malicious IP addresses (Free with premium version)
Usage
Database of malicious IP addresses with scoring system.
Key features
- IP address database
- API available
- Scoring system
- Detailed reports
Installation
Web service, access via API
Documentation
API documentation available
Community
Large community
URLhaus
Database of malicious URLs (Free)
Usage
Database of malicious URLs with API for integration.
Key features
- URL database
- API available
- Data export
- Integration with other tools
Installation
Web service, access via API
Documentation
API documentation available
Community
Active community
Maltego
Graph visualization tool (Paid - Free Community version)
Usage
Tool for visualizing and analyzing relationships between entities.
Key features
- Graph visualization
- Custom transforms
- Integration of sources
- Investigation reports
Installation
Installation via package manager
Documentation
Complete documentation available
Community
Large community
TheHive
Security incident management platform (Free and Open Source)
Usage
Platform for managing security incidents with task automation.
Key features
- Incident management
- Task automation
- Integration with Cortex
- Web interface
Installation
Installation via Docker
Documentation
Complete documentation available
Community
Large community
Shuffle
Security automation platform (Free and Open Source)
Usage
Platform for automating security tasks and investigations.
Key features
- Custom workflows
- Tool integration
- API available
- Web interface
Installation
Installation via Docker
Documentation
Complete documentation available
Community
Active community