
Cargill / OpenSIEM-Logstash-Parsing

License: Apache-2.0
SIEM Logstash parsing for more than a hundred technologies


Projects that are alternatives of or similar to OpenSIEM-Logstash-Parsing

siemstress
Very basic CLI SIEM (Security Information and Event Management system).
Stars: ✭ 24 (-82.86%)
Mutual labels:  parsing, siem
skalogs-bundle
Open Source data and event driven real time Monitoring and Analytics Platform
Stars: ✭ 16 (-88.57%)
Mutual labels:  logstash, siem
cli-eaa
CLI for Enterprise Application Access (EAA)
Stars: ✭ 19 (-86.43%)
Mutual labels:  logs, siem
Docker monitoring logging alerting
Docker host and container monitoring, logging and alerting out of the box using cAdvisor, Prometheus, Grafana for monitoring, Elasticsearch, Kibana and Logstash for logging and elastalert and Alertmanager for alerting.
Stars: ✭ 479 (+242.14%)
Mutual labels:  logstash, logs
tutorials
Tutorials
Stars: ✭ 80 (-42.86%)
Mutual labels:  logstash, logs
logstash-config
logstash-config provides a parser and abstract syntax tree (AST) for the Logstash config format, written in Go
Stars: ✭ 26 (-81.43%)
Mutual labels:  logstash, parsing
paStash
pastaʃ'ʃ = Spaghetti I/O Event Data Processing, Interpolation, Correlation and beyond 🍝
Stars: ✭ 89 (-36.43%)
Mutual labels:  logstash, logs
Redelk
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
Stars: ✭ 1,692 (+1108.57%)
Mutual labels:  logstash, siem
Dsiem
Security event correlation engine for ELK stack
Stars: ✭ 255 (+82.14%)
Mutual labels:  logstash, siem
SWELF
Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
Stars: ✭ 23 (-83.57%)
Mutual labels:  logs, siem
ink
A Logger backend that logs JSON
Stars: ✭ 64 (-54.29%)
Mutual labels:  logstash, logs
CVparser
CVparser is software for parsing or extracting data out of CV/resumes.
Stars: ✭ 28 (-80%)
Mutual labels:  parsing
YAPDFKit
Yet another PDF Kit for parsing and modifying PDF's. For OS X and iOS.
Stars: ✭ 27 (-80.71%)
Mutual labels:  parsing
redis-healthy
It retrieves metrics, periodically, from Redis (or sentinel) and send them to Logstash
Stars: ✭ 62 (-55.71%)
Mutual labels:  logstash
puppeteer-autoscroll-down
Handle infinite scroll on websites by puppeteer
Stars: ✭ 40 (-71.43%)
Mutual labels:  parsing
FAParser
JSON Parsing + Archiving & Unarchiving in User Defaults
Stars: ✭ 67 (-52.14%)
Mutual labels:  parsing
logstash-laravel-logs
Process Laravel Log files on Logstash and forward to ElasticSearch
Stars: ✭ 35 (-75%)
Mutual labels:  logstash
SysmonConfigPusher
Pushes Sysmon Configs
Stars: ✭ 59 (-57.86%)
Mutual labels:  siem
Azure-Sentinel-4-SecOps
Microsoft Sentinel SOC Operations
Stars: ✭ 140 (+0%)
Mutual labels:  siem
rkubelog
Send k8s Logs to Papertrail and Loggly Without DaemonSets (for Nodeless Clusters)
Stars: ✭ 15 (-89.29%)
Mutual labels:  logs

OpenSIEM Logstash Parsing

Logstash parsing configurations for the Elasticsearch SIEM and the OpenDistro for Elasticsearch SIEM

Why this project exists

The overhead of writing Logstash parsing and applying the Elastic Common Schema (ECS) across audit, security, and system logs is a large drawback of using Elasticsearch as a SIEM (Security Information and Event Management system): every vendor's log format has to be parsed into the same field names before detection rules, dashboards, and correlation can work across sources. The Cargill SIEM team has spent significant time developing quality Logstash parsing processors for many well-known log vendors and wants to share this work with the community. In addition to the Logstash processors, the repository includes log collection programs for API-based log sources, as well as the setup scripts used to generate our pipeline-to-pipeline architecture.
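To make the ECS normalization step concrete, here is an added Python example; it is not code from the OpenSIEM-Logstash-Parsing repository. It parses a constructed line in a hypothetical "ACMEFW" firewall syslog format (the format, the sample line, and the vendor-to-ECS key map are assumptions for illustration), renames vendor keys to ECS field names the way a Logstash grok filter followed by a mutate rename would, and then checks that the fields a SIEM detection rule typically depends on are all present before the event is indexed.

```python
"""Added example (not project code): normalize a constructed vendor log line
into Elastic Common Schema (ECS) field names and check required fields."""
import re
from datetime import datetime, timezone

# Constructed sample line in a hypothetical "ACMEFW" firewall format (assumption).
SAMPLE_LINE = (
    "2023-06-01T12:34:56Z acmefw01 ACMEFW: action=deny proto=tcp "
    "src=10.1.2.3 spt=51234 dst=203.0.113.10 dpt=443 rule=block-egress"
)

# Equivalent of a grok pattern: timestamp, host, fixed tag, then key=value pairs.
HEADER_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+ACMEFW:\s+(?P<kv>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

# Vendor key -> ECS field, i.e. what a Logstash `mutate { rename => {...} }` does.
ECS_RENAME = {
    "src": "source.ip",
    "spt": "source.port",
    "dst": "destination.ip",
    "dpt": "destination.port",
    "proto": "network.transport",
    "rule": "rule.name",
}
INT_FIELDS = {"source.port", "destination.port"}  # ECS types these as long
ACTION_TO_OUTCOME = {"deny": "failure", "allow": "success"}
ACTION_TO_TYPE = {"deny": ["connection", "denied"], "allow": ["connection", "allowed"]}

# Fields that detection rules and dashboards rely on (assumed minimum set).
REQUIRED_ECS_FIELDS = (
    "@timestamp", "event.kind", "event.category", "event.action",
    "source.ip", "destination.ip",
)


def parse_acmefw(line: str) -> dict:
    """Return a flat dict keyed by dotted ECS field names; raise on non-matching input."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("line does not match the ACMEFW header pattern")
    kv = dict(KV_RE.findall(m.group("kv")))
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    action = kv.get("action")
    event = {
        "@timestamp": ts.isoformat(),
        "ecs.version": "1.12.0",
        "event.kind": "event",
        "event.category": ["network"],
        "event.type": ACTION_TO_TYPE.get(action, ["connection"]),
        "event.action": action,
        "event.outcome": ACTION_TO_OUTCOME.get(action, "unknown"),
        "event.original": line,  # keep the raw line for forensics and re-parsing
        "observer.hostname": m.group("host"),
        "observer.vendor": "acmefw",
        "observer.type": "firewall",
    }
    for vendor_key, ecs_field in ECS_RENAME.items():
        if vendor_key in kv:
            value = kv[vendor_key]
            event[ecs_field] = int(value) if ecs_field in INT_FIELDS else value.lower()
    return event


def missing_required(event: dict) -> list:
    """List required ECS fields that are absent or empty; an empty list means the event is usable."""
    return [f for f in REQUIRED_ECS_FIELDS if not event.get(f)]


if __name__ == "__main__":
    ev = parse_acmefw(SAMPLE_LINE)
    for k in sorted(ev):
        print(f"{k}: {ev[k]}")
    print("missing:", missing_required(ev))
```

In a real Logstash pipeline the same two steps are a `grok` (or `kv`) filter followed by `mutate` rename/convert calls; the required-field check corresponds to routing events with missing fields to a dead-letter or parse-failure index instead of the main SIEM index, so that a vendor format change shows up as a parsing alert rather than as silently empty detections.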

Quick start Instructions

Follow GETTING_STARTED.md to get started. For detailed information on the architecture and how it works, see the README in build_scripts.

Contributions

We welcome and encourage individual contributions to this repo. Please see the Contribution.md guide in the root of the repo. Please note that we reserve the right to close pull requests or issues that appear to be out of scope for our project, or for other reasons not specified.

Questions, Comments & Expected Level of Attention

Please create an issue and someone will try to respond within 5 business days. Note, however, that while we will try to revisit the repository semi-regularly, we are not bound to this response time (life happens). We welcome other individuals' answers and input as well.

Licensing

Apache-2.0
