Best SecOps Tools: 50 Must-Have Tools for Your SecOps Arsenal, Part 3
We continue our series on SecOps security tools by looking at ten tools that can help your team better handle Red Team, Alerting, and Secret Management processes.
SecOps is a multi-faceted function tasked with a variety of responsibilities, not the least of which is coming up with secure software and applications while maintaining the development and release cadence users demand. It's no longer enough to just concern yourself with writing code and developing software.
Fortunately, a number of tools can help SecOps professionals meet these demands and achieve business goals. From dashboards that let SecOps pros view all the essential metrics about their apps in one place, to hunting tools that help users detect patterns and pinpoint potential vulnerabilities, to tools that issue alerts when anomalies arise, to attack modeling tools that create a standardized taxonomy of security threats, and more, there are many types of tools that today's SecOps pros should have in their arsenal.
In this series, we've rounded up 50 of the most useful tools for SecOps teams in the following categories. In this post, we'll cover Red Team, Alerting, and Secret Management tools.
- Attack Modeling
- Red Team
- Secret Management
- Threat Intelligence
21. EyeWitness
EyeWitness allows you to take screenshots of open Virtual Network Computing (VNC) servers, remote desktops, and websites, providing server header information and default credentials whenever possible. It works on Kali Linux or Debian 7+, and you can use different flags to have it do what you need. For instance, the -f flag will automatically detect the file, and the -t flag sets a maximum time for it to screenshot or render a web page. Read the documentation and get EyeWitness on GitHub.
- Screenshot capabilities.
- Provides server header information and default credentials.
- Configure flags to customize the functionality.
22. Hound
Hound lets you search your source code quickly. It is based on code written by Russ Cox that combines regular-expression matching with a trigram index. It may seem like a redundant tool, but unlike older code-searching tools, Hound is faster, easier to configure, and has a very small footprint; you do not need to install a lot of files to get this convenient tool. It is currently fully compatible with CentOS and macOS, but it can work on any *nix system. Some users have also reported that it runs on Windows, but the creators do not officially support Microsoft's operating system.
- Quickly search your source code.
- Faster, easier configuration compared to other tools.
- Smaller footprint than other code searching tools.
- Works with any *nix system.
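As an added illustration of the two-stage approach Hound inherits from Russ Cox's codesearch (this is not Hound's own code), the following Python builds a trigram index over a small constructed set of files, uses it to prune the candidate files for a query, and only then runs the regular expression. It assumes the caller supplies the literal substring the regex must contain; deriving that literal from an arbitrary regex automatically is the part of Cox's algorithm left out here.

```python
import re
from collections import defaultdict

# Constructed sample "repository": file name -> contents (not a real project).
SAMPLE_FILES = {
    "auth.go": 'func checkPassword(pw string) bool {\n\treturn pw == "hunter2"\n}\n',
    "db.py": "def connect():\n    return open_db(password='hunter2')\n",
    "README.md": "Run `make test` before pushing.\n",
}

def trigrams(text):
    """All 3-character substrings of text."""
    return {text[i:i + 3] for i in range(len(text) - 2)}

def build_index(files):
    """Inverted index: trigram -> set of file names that contain it."""
    index = defaultdict(set)
    for name, content in files.items():
        for tri in trigrams(content):
            index[tri].add(name)
    return index

def candidate_files(index, literal, files):
    """Files containing every trigram of the literal: a superset of the true matches,
    so the expensive regex only runs on these. Literals under 3 chars cannot prune."""
    tris = trigrams(literal)
    if not tris:
        return set(files)
    cands = set(files)
    for tri in tris:
        cands &= index.get(tri, set())
        if not cands:
            break
    return cands

def search(files, index, pattern, literal):
    """Stage 1 prunes with the index; stage 2 confirms each candidate line by line."""
    regex = re.compile(pattern)
    hits = {}
    for name in sorted(candidate_files(index, literal, files)):
        lines = [n for n, line in enumerate(files[name].splitlines(), 1) if regex.search(line)]
        if lines:
            hits[name] = lines
    return hits

INDEX = build_index(SAMPLE_FILES)
```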
23. 411
411 is the local directory assistance number for Canada and the United States, but it is also a slang term for information. 411, the program, allows you to manage your alerts using a web-based interface. It lets you query different data sources, and it keeps all the alerts it creates. For example, you can use 411 to detect when specific log lines appear in Elasticsearch, when a program's metric changes, or when a server suddenly stops responding. The graphical interface shows you the number of active alerts, how many of these are escalated, how many are high, medium, or low priority, and how many alerts are already stale. Get 411 on GitHub.
- Query different data sources for alerts.
- Add metadata to alerts.
- The graphical interface displays active alerts, the number of alerts escalated, priority level, and the number of stale alerts.
- 20-day history of alerts and actions.
24. Alerta
Alerta is an alert management system that allows you to query, monitor, and visualize alerts. Alerta offers numerous native integrations with several services, such as Prometheus, InfluxDB, Kapacitor, Google Stackdriver, Zabbix, Telegram, and PagerDuty. Moreover, Alerta has a very flexible alert format so you can include all the alerts that matter to you. It can also handle duplicate alerts and can help you correlate one alert to another.
- Query, monitor, and visualize alerts.
- Highly extensible.
- Variety of native integrations.
- Flexible alert format.
25. ElastAlert
ElastAlert gives you an easy way to get alerts on spikes, anomalies, and other patterns you are interested in within your Elasticsearch data. ElastAlert is modular and reliable and is very easy to set up and configure. For instance, ElastAlert remembers its position in Elasticsearch, so if it is restarted it automatically resumes from the point where it stopped. It will also retry alerts that return an error. Furthermore, all configuration is done in a single configuration file, config.yaml. Out of the box, ElastAlert works with a variety of alert types, such as AWS SNS, Commands, Email, Exotel, Gitter, HipChat, JIRA, MS Teams, OpsGenie, PagerDuty, Slack, Telegram, Twilio, and VictorOps. Developed by Yelp, ElastAlert is available on GitHub.
- Works with a variety of alert types.
- Get alerts on spikes, irregular patterns, and other data.
- Automatically retries alerts that return errors.
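As an added example (not ElastAlert's own code), here is a Python evaluator for a rule shaped like ElastAlert's frequency rule type (num_events matching a filter within a timeframe), run over constructed login events; it is also what a 411-style "alert when these log lines appear N times" check reduces to. The sample events, the rule values, and the window-clearing behaviour after an alert are assumptions made for the illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample events in the shape indexed log lines take (not real data).
SAMPLE_EVENTS = [
    {"@timestamp": "2024-01-01T10:00:00", "event": "login_failed", "user": "alice"},
    {"@timestamp": "2024-01-01T10:00:20", "event": "login_failed", "user": "alice"},
    {"@timestamp": "2024-01-01T10:00:30", "event": "login_ok", "user": "bob"},
    {"@timestamp": "2024-01-01T10:00:45", "event": "login_failed", "user": "alice"},
    {"@timestamp": "2024-01-01T10:03:00", "event": "login_failed", "user": "alice"},
    {"@timestamp": "2024-01-01T10:03:10", "event": "login_failed", "user": "alice"},
]

# Rule shaped like ElastAlert's frequency rule type (type, filter, num_events and
# timeframe are its rule-file keys); the evaluator below is our own, not ElastAlert's.
FREQUENCY_RULE = {
    "type": "frequency",
    "filter": {"term": {"event": "login_failed"}},
    "num_events": 3,
    "timeframe": timedelta(minutes=1),
}

def matches_filter(event, flt):
    """Support the simple 'term' filter form: every listed field must equal its value."""
    return all(event.get(k) == v for k, v in flt.get("term", {}).items())

def evaluate_frequency_rule(events, rule):
    """Sliding-window count over matching events, oldest first. One alert is emitted
    when the window reaches num_events and the window is then cleared, so a single
    burst produces a single alert rather than one per extra event."""
    window, alerts = deque(), []
    for ev in sorted(events, key=lambda e: e["@timestamp"]):
        if not matches_filter(ev, rule["filter"]):
            continue
        ts = datetime.fromisoformat(ev["@timestamp"])
        window.append(ts)
        while ts - window[0] > rule["timeframe"]:  # expire events outside the timeframe
            window.popleft()
        if len(window) >= rule["num_events"]:
            alerts.append({"first": window[0].isoformat(), "last": ts.isoformat(),
                           "count": len(window)})
            window.clear()
    return alerts
```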
26. BlackBox
BlackBox is a tool for storing your secrets in a version control repository such as Perforce, Git, or Mercurial. BlackBox makes it simple to use GNU Privacy Guard (GPG) to encrypt files in a repo, so they remain encrypted at rest in the repository and not only while in transit over the network. Conversely, BlackBox also makes it simple to decrypt the encrypted files when you need to edit or view them; you only need the right GPG key. You can use BlackBox with any Mercurial or Git repository to encrypt SSL keys, passwords, and other secrets.
- Securely store your secrets in version control repositories.
- Use GNU Privacy Guard to encrypt files.
- Easy to decrypt files with a GPG key.
- Works with any Mercurial or Git repository.
27. Git Secrets
Git Secrets helps you make sure that little or no private information ends up in a public repository. This happens more often than it should when you are collaborating on a platform or a program: people sometimes push very personal information to a public repository. Git Secrets can help prevent that. It scans your commits using the git hooks you specify to make sure that you do not accidentally share private data. Git Secrets can automatically create the necessary hooks, and it maintains a list of prohibited patterns. The shell utility then scans the commits and commit messages for those prohibited patterns. If a commit contains a prohibited pattern, Git Secrets rejects it.
- Automatically creates necessary hooks.
- Curates a list of prohibited patterns.
- Scans commits and messages to detect prohibited patterns.
- Prevents the sharing of sensitive data on public repositories.
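An added example, not git-secrets' own code: a Python version of the check its hooks perform, scanning only the added lines of a staged diff plus the commit message against prohibited patterns while honouring allowed patterns, run over a constructed diff. The pattern list, the allowed list, and the fake AWS key ID in the diff are illustrative assumptions.

```python
import re

# Prohibited patterns in the extended-regex style that `git secrets --add` accepts.
# These are illustrative choices (an AWS access key ID shape, a quoted password
# assignment, a PEM private key header), not git-secrets' shipped list.
PROHIBITED_PATTERNS = [
    r"(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}",
    r"(?i)password\s*[:=]\s*['\"][^'\"]{8,}['\"]",
    r"-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----",
]
# Allowed patterns excuse known-safe matches, like `git secrets --add --allowed`.
ALLOWED_PATTERNS = [r"AKIAIOSFODNN7EXAMPLE"]  # AWS's documented placeholder key ID

def find_secrets(lines, origin, prohibited=PROHIBITED_PATTERNS, allowed=ALLOWED_PATTERNS):
    """(origin, offending line, pattern) for each line that hits a prohibited pattern
    and is not excused by an allowed pattern."""
    bad = [re.compile(p) for p in prohibited]
    ok = [re.compile(p) for p in allowed]
    findings = []
    for content in lines:
        if any(r.search(content) for r in ok):
            continue
        findings += [(origin, content, r.pattern) for r in bad if r.search(content)]
    return findings

def added_lines(diff_text):
    """Yield (path, text) for each '+' line of a unified diff. Only newly added text
    can leak a secret in this commit, so context and removed lines are skipped."""
    path = None
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = re.sub(r"^b/", "", line[4:])
        elif line.startswith("+"):
            yield path, line[1:]

def scan_commit(diff_text, message):
    """The pre-commit and commit-msg hook checks together: a non-empty result means
    the hook would exit non-zero and git would reject the commit."""
    findings = [f for path, text in added_lines(diff_text) for f in find_secrets([text], path)]
    return findings + find_secrets(message.splitlines(), "commit message")

# Constructed staged diff as `git diff --cached` prints it; the key ID is made up.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1,4 @@
-AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+AWS_KEY = "AKIAABCDEFGHIJKLMNOP"
+DB_PASSWORD = "correct-horse-battery"
 DEBUG = False
"""
```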
28. Keybase
Keybase is a key directory that maps your social media identities to encryption keys. You can use it with Facebook, Reddit, GitHub, Twitter, Coinbase, Zcash, and Bitcoin. Its messaging platform enables you to securely share updates, messages, and files. You can add people even if you do not know their email address or phone number (the way it works with other messaging platforms). You can also use Keybase to chat with people who have not signed up for Keybase; for instance, you can use somebody's Reddit username to send them a message. Keybase Teams lets you easily send files to and communicate with several people at once.
- Maps social media identities to encryption keys.
- Works with a variety of social and collaboration platforms.
- Securely share messages, files, and updates.
- Connect with others, even if they are not Keybase members.
- Keybase Teams for group collaboration.
29. Transcrypt
Transcrypt is short for "transparent encryption." It keeps your sensitive files safe when they are stored in a Git repo. Simply specify the files you want to protect and the script will encrypt them when you commit. Transcrypt will also decrypt these files automatically when you want to view them. The good thing about Transcrypt is that other users who do not have your encryption password are still able to make changes to the repository, but only to the non-encrypted files. What makes Transcrypt better than similar scripts is that it does not need to be compiled, it has safety checks that prevent it from duplicating configuration data, and it creates a unique salt for every encrypted file you specify. It also relies on OpenSSL's ciphers rather than implementing its own.
- Keeps sensitive files safe when stored in a Git repo.
- Automatically encrypts specified files when committed.
- Automatically decrypts files when you need to view them.
- Enables other users to make changes to other files in the repo.
30. Vault
Vault, developed by HashiCorp, is a tool that lets you encrypt and manage secrets for data in transit. The tool stores your API keys and credentials, and encrypts your signup passwords. In short, Vault aims to be the only tool you will ever need for everything related to secret management. For instance, you do not have to track by hand who has access to which secrets, and you don't have to worry about key rolling, audit logs, and secure storage; you only have to use Vault. Vault offers several features, including secure secret storage, leasing and renewal of secrets, dynamic secrets, data encryption, auditing, secret revocation, access control rules, and a variety of authentication methods.
- Stores API keys and credentials.
- Encrypts signup passwords.
- Automatically handles everything related to secret management.
- Auditing tools.
- Access control.
- Supports a variety of authentication methods.
Published at DZone with permission of Christian Lappin, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.