Awesome Cybersecurity Blue Team Awesome

A collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

Cybersecurity blue teams are groups of individuals who identify security flaws in information technology systems, verify the effectiveness of security measures, and monitor the systems to ensure that implemented defensive measures remain effective in the future. While not exclusive, this list is heavily biased towards Free Software projects and against proprietary products or corporate services. For offensive TTPs, please see awesome-pentest.

Your contributions and suggestions are heartily ♥ welcome. (✿◕‿◕). Please check the Contributing Guidelines for more details. This work is licensed under a Creative Commons Attribution 4.0 International License.

Many cybersecurity professionals enable racist state violence, wittingly or unwittingly, by providing services to local, state, and federal policing agencies or otherwise cooperating with similar institutions who do so. This evil most often happens through the coercive mechanism of employment under threat of lack of access to food, shelter, or healthcare. Despite this list's public availability, it is the maintainer's intention and hope that this list supports the people and organizations who work to counter such massive albeit banal evil.

Image of a raised fist composed of the names of Black people murdered by taxpayer-funded racist police violence.

Image of a "Blue Lives Matter" flag with the thin blue line being peeled away to reveal a Nazi swastika underneath.



Automation and Convention

Code libraries and bindings

Security Orchestration, Automation, and Response (SOAR)

See also Security Information and Event Management (SIEM), and IR management consoles.

Cloud platform security

See also asecure.cloud/tools.

Distributed monitoring

See also § Service and performance monitoring.


See also Kubernetes-Security.info.

Service meshes

See also ServiceMesh.es.

Communications security (COMSEC)

See also Transport-layer defenses.


See also awesome-devsecops.

Application or Binary Hardening

Compliance testing and reporting

Dependency confusion

See also § Supply chain security.


See also Awesome-Fuzzing.

Policy enforcement

Supply chain security

See also § Dependency confusion.


See also awesome-honeypots.


Host-based tools


Identity and AuthN/AuthZ

Incident Response tools

See also awesome-incident-response.

IR management consoles

See also Security Orchestration, Automation, and Response (SOAR).

Evidence collection

Network perimeter defenses

Firewall appliances or distributions

See also Wikipedia: List of router and firewall distributions.

Operating System distributions

Phishing awareness and reporting

See also awesome-pentest § Social Engineering Tools.

Preparedness training and wargaming

(Also known as adversary emulation, threat simulation, or similar.)

Post-engagement analysis and reporting

Security configurations

(Also known as secure-by-default baselines and implemented best practices.)

Security monitoring

Endpoint Detection and Response (EDR)

Network Security Monitoring (NSM)

See also awesome-pcaptools.

Security Information and Event Management (SIEM)

Service and performance monitoring

See also awesome-sysadmin#monitoring.

Threat hunting

(Also known as hunt teaming and threat detection.)

See also awesome-threat-detection.

Threat intelligence

See also awesome-threat-intelligence.


Threat signature packages and collections

Tor Onion service defenses

See also awesome-tor.

Transport-layer defenses

Overlay and Virtual Private Networks (VPNs)

macOS-based defenses

See also drduh/macOS-Security-and-Privacy-Guide.

Windows-based defenses

See also awesome-windows#security and awesome-windows-domain-hardening.

Active Directory



This work is licensed under a Creative Commons Attribution 4.0 International License.