Investigate alerts, pull apart suspicious artefacts and drive an incident from detection through to recovery. These are the blue team tools for the people who have to respond.
Parse raw email headers to trace the real sender, the hop path and the SPF, DKIM and DMARC results behind a message.
Break a suspicious link into its parts and flag the tricks phishers use to disguise where it really points.
Pull IPs, domains, hashes and URLs out of a block of text and get back a clean, defanged list of indicators.
Look up a CVE by its ID and read the description, severity and references pulled from public vulnerability data.
Browse ATT&CK tactics and techniques and map observed adversary behaviour to the framework.
Work an alert through a structured triage flow so nothing gets missed before you escalate or close it out.
Step through containment, eradication and recovery actions for the common incident types a small team faces.
Build clean firewall rules from source, destination, port and action, with a readable summary of what each one does.
Defang a URL or IP so it cannot be clicked in a report, or refang one back to its live form for analysis.
Convert between Unix epoch time and human-readable dates across time zones, in both directions.
Paste raw log lines and get IPs, timestamps and key fields highlighted and pulled into a readable view.
Search Windows Security and System event IDs and read what each one means for detection and response.
Reference tools last reviewed June 2026. Detection content is checked quarterly.