The free cybersecurity toolkit built for SOC teams.
49+ free tools across SIEM detection engineering, SOAR automation, AI threat defence, compliance checking and live threat intel. Built by practitioners, for practitioners. No paywalls, no trials, no sales calls.
Three tool libraries, one free platform.
Whether you are triaging alerts, building detection rules, designing playbooks, or demonstrating compliance — there is a tool here for it.
Free Tools
30+ instant-use tools across checklists, calculators, live intel, analysers, and security simulations. Everything from phishing demo to Windows Event ID lookup.
SIEM Tools
Detection engineering tools: 50+ use cases, query translation between SPL/KQL/AQL/EQL, coverage matrix, log volume estimator, compliance checker, and Sigma rule viewer.
SOAR Tools
Playbook and automation tools: visual playbook builder, maturity assessment, alert fatigue calculator, 10 incident response templates, and ROI calculator for management.
The ones practitioners reach for first.
Windows Event ID Lookup
Type an Event ID or keyword. Get what it means, when it fires, what to look for, and a SOC triage recommendation. ~120 IDs that actually matter on shift.
Open lookup →SIEM Use Case Library
50+ detection use cases with pseudo-code logic, MITRE ATT&CK mapping, required log sources, false positive sources, and tuning recommendations.
Browse use cases →Visual Playbook Builder
Drag-and-drop SOAR playbook flowchart builder. Trigger, Decision, Action, and End nodes. Export as PNG for documentation or JSON for version control.
Open builder →CERT-In Deadline Calculator
Enter your incident detection time. Get exact CERT-In reporting deadlines under the Directions 2022 — a 6-hour countdown in plain language.
Calculate deadline →AI Phishing Email Analyser
Score a suspicious email against the signals that matter when the attacker is using an LLM. Perfect grammar is no longer reassuring.
Analyse email →SIEM Query Translator
Translate detection logic between Splunk SPL, Microsoft Sentinel KQL, IBM QRadar AQL, and Elastic EQL. Five pre-built examples for common scenarios.
Translate query →Frameworks you actually have to comply with.
Most free security tools are built for a US or European regulatory context. Cyber Guard Forte is built with Indian practitioners in mind — every compliance tool maps explicitly to the frameworks you are actually accountable to.
Tools with India-specific mapping
Real data, refreshed automatically.
These are not static lists. They pull live data and update on a schedule.
CISA KEV Feed
Known exploited vulnerabilities from CISA, refreshed hourly. Searchable by vendor, product, and date. The list your patch team needs to see every Monday morning.
View live feed →Phishing Domain Watcher
Newly-registered domains that match phishing patterns, detected via CertStream in near real-time. Useful for brand protection and domain squatting monitoring.
Watch domains →Global Threat Activity Map
Live map of IP reputation events and threat activity pulled from AbuseIPDB. See where attacks are originating and what types of threats are most active right now.
View map →SOC-CMM Maturity Assessment
A 15-question diagnostic across five domains — Business Alignment, People, Process, Technology, and Services — scored instantly with a visual gauge and per-domain recommendations. Know where your SOC stands before an incident tells you.
Practitioner Notes & Field Guides
Plain-language writeups translating regulatory directions into what they actually mean for your team. CERT-In circulars, RBI cybersecurity guidance, DPDP Act implications, and SOC operations topics — no vendor spin, no fluff.
Topics covered
49 tools. Zero cost. No account required for most.
Everything here is free because the best security tools should be accessible to every SOC team — not just the ones with enterprise budgets.