There are 47 repositories under siem topic.
Free and open log management
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
A collection of sources of documentation, as well as field best practices, to build/run a SOC
A collective list of public APIs for use in security. Contributions welcome
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.
SIEM Tactics, Techiques, and Procedures
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.
A little tool to play with Azure Identity - Azure Active Directory lab creation tool
A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.
A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework
Awesome list of keywords and artefacts for Threat Hunting sessions
Splunk code (SPL) for serious threat hunters and detection engineers.
Microsoft Sentinel SOC Operations
Open-source framework to detect outliers in Elasticsearch events
An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced security analytics framework.
Repository with Sample KQL Query examples for Threat Hunting
Open Source SIEM (Security Information and Event Management system).
SIEM Logstash parsing for more than hundred technologies