86 Open source projects that are alternatives of or similar to auditbeat-in-action

Ansible role to install auditbeat for security monitoring. (Ruleset included)

Tutorials

提供各种客户端接入阿里云 消息队列 Kafka 的demo工程

The ELK stack Docker containerization (Elasticsearch, Logstash and Kibana)

Collect logs for docker containers

Docker Compose for Elasticsearch and Kibana

ELK Stack (Elasticsearch, Logstash & Kibana)

Collector plugin for Graylog

Official Beats Docker images

Test Blue Team detections without running any attack.

Encyclopedia for Executables

The config files and docker-compose.yml files of Dockerized ELK Stack

Open Source SIEM (Security Information and Event Management system).

搭建ELK日志分析平台。

LogRhythm PowerShell Toolkit

Powerful Logging with Docker, FileBeat and Elasticsearch

Unofficial third-party scripts, playbooks, and content for IBM QRadar & QRadar Community Edition.

Chef Cookbook to Manage Elastic Filebeat https://supermarket.chef.io/cookbooks/filebeat

A complete documentation on how to install Elastic Stack on Ubuntu 16.04 Server ASAP 😎

** README ** This repo has MOVED to https://github.com/quadrantsec/sagan

Suricata IDS/IPS log analytics using the Elastic Stack.

Open-source framework to detect outliers in Elasticsearch events

Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.

Elastic beat-exporter for Prometheus

A robust, and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

🐠 Beats - Lightweight shippers for Elasticsearch & Logstash

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

A playbook for setting up the ELK Stack + beats log shippers on Ubuntu 16.04 and above

A library and a tool for converting audit logs to XML and JSON

Deploy ELK stack and kafka with docker-compose

Microsoft Sentinel SOC Operations

SIAC is an enterprise SIEM built on open-source technology.

Important production-grade Kubernetes Ops Services

Automate creating resilient, disposable, secure and agile monitoring infrastructure for Blue Teams.

容器日志搜集套件。

ECS Logging - Common resources and issues for the language specific ECS loggers

ELKFH - Elastic, Logstash, Kibana, Filebeat and Honeypot (HTTP, HTTPS, SSH, RDP, VNC, Redis, MySQL, MONGO, SMB, LDAP)

Elastic Beats Output to Apache Pulsar

Python 版 Filebeat

Simple API/UI for testing filebeat dissect patterns against a collection of sample log lines.

Security event correlation engine for ELK stack

Deploy Elastic stack in a Docker Swarm cluster. Ship application logs and metrics using beats & GELF plugin to Elasticsearch

🔮 Visibility Across Space and Time

Bro IDS + ELK Stack to detect and block data exfiltration

DEPRECATED - MozDef: Mozilla Enterprise Defense Platform

some personally made dockerfile

SIEM Tactics, Techiques, and Procedures

This project is a SIEM with SIRP and Threat Intel, all in one.

Automated Use Case Testing

Filebeat container, alternative to fluentd used to ship kubernetes cluster and pod logs

Splunk code (SPL) useful for serious threat hunters.

🔥基于go-zero(go zero) 微服务全技术栈开发最佳实践项目。Develop best practice projects based on the full technology stack of go zero (go zero) microservices.

elasticsearch, logstash and kibana configuration for pi-hole visualiziation

Application that build on Elasticsearch and Spring Boot Microservices (Synchronous Service)

Pushes Sysmon Configs

Threat Hunting with ELK Workshop (InfoSecWorld 2017)

基于日志模板构建，采集任务动态管控、数据质量精确度量，一站式日志采集平台

Giving the Elastic Stack a try in Vagrant