siem

There are 52 repositories under siem topic.

wazuh / wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
security compliance log-analysis vulnerability-detection cybersecurity file-integrity-monitoring infosec malware-detection cloud-security container-security security-automation security-tools siem xdr configuration-assessement incident-response pci-dss security-audit security-hardening wazuh
Language:C 13486
SigmaHQ / sigma
Main Sigma Rule Repository
elasticsearch ids logging monitoring security siem signatures splunk sysmon
Language:Python 9617
Graylog2 / graylog2-server
Free and open log management
amqp gelf graylog hacktoberfest kafka log-analysis log-collector log-management log-viewer logging logging-server secure-logging security siem syslog
Language:Java 7803
outflanknl / RedELK
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
security siem monitoring elastic elasticsearch logstash kibana red-teaming
Language:Python 2550
Digital-Forensics-Guide
mikeroyal / Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
digitalforensics digitalforensicreadiness forensics security forensics-tools digital-forensics threat-intelligence intrusion-detection mitre-attack detection-engineering network-security offensive-security cyber-security port-scanning siem alerting forensic-analysis forensics-investigations osint dfir
Language:Python 2249
mozilla / MozDef
DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
siem python elk elk-stack elasticsearch security abandoned unmaintained
Language:Python 2171
elastdocker
sherifabdlnaby / elastdocker
🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.
elk elk-stack elasticstack docker docker-compose docker-compos-template elasticsearch siem observability kibana logstash
Language:Dockerfile 2030
matano
matanolabs / matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
aws cloud security big-data serverless apache-iceberg log-analytics log-management threat-hunting rust alerting cloud-native aws-security cloud-security cybersecurity secops security-tools dfir detection-engineering siem
Language:Rust 1612
cyb3rxp / awesome-soc
A collection of sources of documentation, as well as field best practices, to build/run a SOC
architecture cert csirt detection incident-response management mitre-attack purpleteam risk-management siem sirp soa soar soc tip ttp
1502
pfelk
pfelk / pfelk
pfSense/OPNsense + Elastic Stack
pfsense elasticsearch opnsense elastic siem firewall logs docker
Language:Shell 1166
awesome-lists
mthcht / awesome-lists
Awesome Security lists for SOC/CERT/CTI
blueteam hacktools redteam security soc awesome-list cti ioc blueteam-tools detection detection-engineering dfir incident-response iocs ir siem threat-hunting threat-intelligence ransomware rmm
Language:YARA 1108
sentinel-attack
netevert / sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
azure azure-sentinel blue-team cybersecurity detection kql logging mitre-attack security-tools siem sysmon sysmon-config terraform-azure threat-hunting workbooks
1073
Open-Source-Security-Guide
mikeroyal / Open-Source-Security-Guide
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
vulnerabilities vulnerability-detection privacy-protection pentesters network-analysis intrusion-detection infosec incident-management mitre-attack detection-engineering kali-linux offensive-security information-security siem compliance cyber-security scanning-tool incident-response forensics-tools surveillance
Language:Go 1007
jaegeral / security-apis
A collective list of public APIs for use in security. Contributions welcome
awesome-list security siem json-api json
941
nsacyber / Event-Forwarding-Guidance
Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
event-log siem windows
Language:PowerShell 879
ion-storm / sysmon-config
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.
sysmon threatintel threat-hunting netsec sysinternals logging graylog graylog-plugin dfir threat-intelligence threat-sharing threat-analysis mitre-attack digitalforensics forensic-analysis forensicartifacts forensics siem sigma-rules humio
Language:PowerShell 809
laurel
threathunters-io / laurel
Transform Linux Audit logs for SIEM usage
audispd auditd contributions-welcome linux rust security security-monitoring siem
Language:Rust 789
tenzir
tenzir / tenzir
Tenzir is the data pipeline engine for security teams.
incident-response threathunting siem soc security dataops investigation pcap secdataops netflow suricata zeek pipelines sigma hacktoberfest
Language:C++ 703
runreveal / pql
Pipelined Query Language
clickhouse detection-engineering go golang query-language siem sql
Language:Go 677
TonyPhipps / SIEM
SIEM Tactics, Techiques, and Procedures
threat hunt red blue purple team incident response baseline monitor analysis scan log forensics triage recon threat-hunting security soc siem
Language:PowerShell 662
ThreatHunting-Keywords
mthcht / ThreatHunting-Keywords
Awesome list of keywords and artifacts for Threat Hunting sessions
awesome-list blueteam detection-engineering endpoint-security iocs offensive-scripts offensive-security redteam siem soc splunk threat-hunting threat-intelligence threathunting dfir incident-response forensic hacktools elk-stack yara-rules
Language:PowerShell 604
mdecrevoisier / EVTX-to-MITRE-Attack
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.
evtx mitre-attack redteam siem threat-hunting
588
iknowjason / PurpleCloud
A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4
azure pentest purpleteam siem dfir dfir-automation azure-lab
Language:Python 564
tailpipe
turbot / tailpipe
select * from logs; Tailpipe is an open source SIEM for instant log insights, powered by DuckDB. Analyze millions of events in seconds, right from your terminal.
aws azure detections devops duckdb forensics gcp incident-response log-analysis mitre-attack open-source parquet siem tailpipe threat-detection
Language:Go 486
Meerkat
TonyPhipps / Meerkat
A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.
threat hunt red blue purple team incident response baseline monitor analysis scan log forensics triage recon threat-hunting security soc siem
Language:PowerShell 468
strontic / xcyclopedia
Encyclopedia for Executables
executable siem soar command-line exe lolbins ssdeep
Language:PowerShell 452
GACWR / OpenUBA
A robust, and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]
ueba datascience cybersecurity analytics threathunting tensorflow spark flask information-security siem anomaly-detection uba sklearn security elk elasticsearch machine-learning nodejs user-behaviour react
Language:Python 449
defenxor / dsiem
Security event correlation engine for ELK stack
elasticsearch elk logstash ossim security siem
Language:Go 444
panther-labs / panther-analysis
Built-in Panther detection rules and policies
cybersecurity python security siem
Language:Python 421
olafhartong / ATTACKdatamap
A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework
dfir mitre-attack siem threat-detection threat-hunting
Language:PowerShell 352
utmstack / UTMStack
Enterprise-ready SIEM, SOAR and Compliance powered by real-time correlation and threat intelligence.
compliance siem security security-audit incident-response log-analysis log-parsing malware-detection security-tools threat-analysis threat-detection threat-hunting threat-intelligence security-automation cmmc hipaa soar soc2 security-operations-center soc
Language:Java 325
inodee / threathunting-spl
Splunk code (SPL) for serious threat hunters and detection engineers.
splunk threat-hunting use-case siem rules spl
287
n0dec / MalwLess
Test Blue Team detections without running any attack.
blueteam dfir mitre-attack sysmon siem redteam powershell hacktoberfest
Language:C# 272
eshlomo1 / Microsoft-Sentinel-SecOps
Microsoft Sentinel SOC Operations
azure azure-sentinel cloudsecurity hunting incident-response ir microsoft microsoft-sentinel secops security siem soc threat-hunting threat-intelligence
Language:PowerShell 260
beave / sagan
** README ** This repo has MOVED to https://github.com/quadrantsec/sagan
ids ips log log-monitoring nsm security siem syslog
229
ashwin-patil / blue-teaming-with-kql
Repository with Sample KQL Query examples for Threat Hunting
threat-hunting blueteaming azure-data-explorer azure-sentinel kql security siem loganalytics azure
216