Top 46 siem open source projects

Security event correlation engine for ELK stack

** README ** This repo has MOVED to https://github.com/quadrantsec/sagan

🔮 Visibility Across Space and Time

Test Blue Team detections without running any attack.

DEPRECATED - MozDef: Mozilla Enterprise Defense Platform

Open-source framework to detect outliers in Elasticsearch events

SIEM Tactics, Techiques, and Procedures

Encyclopedia for Executables

Automated Use Case Testing

A robust, and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]

Splunk code (SPL) useful for serious threat hunters.

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

SIAC is an enterprise SIEM built on open-source technology.

Curated list of awesome cybersecurity companies and solutions.

Threat Alert Logic Repository

Tools to create a Native Windows Audit Collection Platform. Active Directory example provided

SIEM-From-Scratch is a drop-in ELK based SIEM component for your Vagrant infosec lab

Free and open source log management

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog (Open Source log management) setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode.

Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber

A collective list of public JSON APIs for use in security. Contributions welcome

Generic Signature Format for SIEM Systems

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Repository with Sample KQL Query examples for Threat Hunting

Install a full Splunk Enterprise Cluster or Universal forwarder using an ansible playbook

Azure Sentinel intrusion detection rules, recent exploits and lolbas :)

Kong API Manager with Prometheus And Graylog

Logmira by Blumira has been created by Amanda Berlin as a helpful download of Microsoft Windows Domain Group Policy Object settings.

Very basic CLI SIEM (Security Information and Event Management system).

Open Source data and event driven real time Monitoring and Analytics Platform

Threat Detection & Anomaly Detection rules for popular open-source components

A Lambda-powered Security Orchestration framework for AWS GuardDuty

CLI for Enterprise Application Access (EAA)

An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced security analytics framework.

SIEM Logstash parsing for more than hundred technologies

Demo for Elastic's Auditbeat and SIEM

Pushes Sysmon Configs

Microsoft Sentinel SOC Operations

LogRhythm PowerShell Toolkit

Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.

Open Source SIEM (Security Information and Event Management system).

Ansible role to install auditbeat for security monitoring. (Ruleset included)

Automate creating resilient, disposable, secure and agile monitoring infrastructure for Blue Teams.

Unofficial third-party scripts, playbooks, and content for IBM QRadar & QRadar Community Edition.