Cisco Talos’ remit is not just to protect our customers from cyber attacks. We also strive to make the internet a better and safer place.

That’s one of the reasons why we create and release open-source software, for free. These tools are available to anyone in the security community to enhance their skills or to use and develop within their security operations.

We currently have 27 tools, all of which are available to download on our website and on GitHub.

Here are the categories that you can find our open-source tools in:

  • Detection and protection engines: Software suites that can work alone or be integrated into broader security systems.
  • Decryptors for decrypting various samples of malware or ransomware.
  • Professional tools for malware analysis and the discovery of vulnerabilities.

In a newly released video from Talos, Martin Lee, our EMEA lead for Strategic Planning and Communications, discusses these categories and how defenders can use our open-source tools:


Our most well-known open-source tool is Snort, which is a leading intrusion prevention and detection system. It is the same engine that is included in Cisco Secure Firewall.

Anyone can download Snort and use it in their security operations to protect against network attacks and/or develop their own network rules.

In this episode of ThreatWise TV, Cisco Talos researchers Brandon Stultz and Nick Mavis not only provide a great overview of Snort 3.0, they also touch on the type of vulnerabilities that tend to trigger the most Snort signatures:

Check out the range of Talos open-source tools available, and do keep the security community informed of how you’re developing them so that we can all learn from each other.