49+ free tools across SIEM detection engineering, SOAR automation, AI threat defence, compliance checking and live threat intel. Built by practitioners, for practitioners. No paywalls, no trials, no sales calls.
Whether you are triaging alerts, building detection rules, designing playbooks, or demonstrating compliance — there is a tool here for it.
30+ instant-use tools across checklists, calculators, live intel, analysers, and security simulations. Everything from phishing demo to Windows Event ID lookup.
Detection engineering tools: 50+ use cases, query translation between SPL/KQL/AQL/EQL, coverage matrix, log volume estimator, compliance checker, and Sigma rule viewer.
Playbook and automation tools: visual playbook builder, maturity assessment, alert fatigue calculator, 10 incident response templates, and ROI calculator for management.
Type an Event ID or keyword. Get what it means, when it fires, what to look for, and a SOC triage recommendation. ~120 IDs that actually matter on shift.
Open lookup →50+ detection use cases with pseudo-code logic, MITRE ATT&CK mapping, required log sources, false positive sources, and tuning recommendations.
Browse use cases →Drag-and-drop SOAR playbook flowchart builder. Trigger, Decision, Action, and End nodes. Export as PNG for documentation or JSON for version control.
Open builder →Enter your incident detection time. Get exact CERT-In reporting deadlines under the Directions 2022 — a 6-hour countdown in plain language.
Calculate deadline →Score a suspicious email against the signals that matter when the attacker is using an LLM. Perfect grammar is no longer reassuring.
Analyse email →Translate detection logic between Splunk SPL, Microsoft Sentinel KQL, IBM QRadar AQL, and Elastic EQL. Five pre-built examples for common scenarios.
Translate query →Most free security tools are built for a US or European regulatory context. Cyber Guard Forte is built with Indian practitioners in mind — every compliance tool maps explicitly to the frameworks you are actually accountable to.
Tools with India-specific mapping
These are not static lists. They pull live data and update on a schedule.
Known exploited vulnerabilities from CISA, refreshed hourly. Searchable by vendor, product, and date. The list your patch team needs to see every Monday morning.
View live feed →Newly-registered domains that match phishing patterns, detected via CertStream in near real-time. Useful for brand protection and domain squatting monitoring.
Watch domains →Live map of IP reputation events and threat activity pulled from AbuseIPDB. See where attacks are originating and what types of threats are most active right now.
View map →A 15-question diagnostic across five domains — Business Alignment, People, Process, Technology, and Services — scored instantly with a visual gauge and per-domain recommendations. Know where your SOC stands before an incident tells you.
Plain-language writeups translating regulatory directions into what they actually mean for your team. CERT-In circulars, RBI cybersecurity guidance, DPDP Act implications, and SOC operations topics — no vendor spin, no fluff.
Topics covered
Everything here is free because the best security tools should be accessible to every SOC team — not just the ones with enterprise budgets.