1626 Open source projects that are alternatives of or similar to Sigma

Wazuh - The Open Source Security Platform

Exceptionless server and jobs

Utilities for Sysmon

Sysmon configuration file template with default high-quality event tracing

Wazuh - Chef cookbooks

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

Wazuh - Kibana plugin

Wazuh - Docker containers

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Wazuh - Ruleset

ASP.NET Core NLog MS SQL Server PostgreSQL MySQL Elasticsearch

Network monitoring system written in Python and Django, designed to be extensible, programmable, scalable and easy to use by end users: once the system is configured, monitoring checks, alerts and metric collection happens automatically.

HOMER 7 Docker Images

WordPress plugin for logging REST API requests and responses

Wazuh - Project documentation

HOMER 7.x Front-End and API Server

Linode Longview Agent

a Rocket-fast SYStem for LOG processing

The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.

A robust, and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]

Dashboard composition tooling based on the Uberfire framework

ElasticSearch cluster metrics -> Graphite

Logrus Hook for ElasticSearch

frostmourne是基于Elasticsearch, InfluxDB数据，Mysql数据的监控，报警，分析系统. Monitor & alert & alarm & analyze for Elasticsearch && InfluxDB Log Data。主要使用springboot2 + vue-element-admin。 https://frostmourne-demo.github.io/

PHP logging library that is highly extendable and simple to use.

A Suricata based IDS/IPS distro

Eliot: the logging system that tells you *why* it happened

The Heroic Time Series Database

A Serverless plugin to transport logs to ElasticSearch

Semantic Logger is a feature rich logging framework, and replacement for existing Ruby & Rails loggers.

Graylog Metrics Reporter Plugins

Reusable Terraform modules

Exports systemd logs to an external service, eg cloudwatch, elasticsearch

Monitoring and Management Web Application for ElasticSearch instances and clusters.

Punt is a tiny and lightweight daemon which helps ship logs to Elasticsearch.

Curated list of awesome cloud security blogs, podcasts, standards, projects, and examples.

Daemon to ban hosts that cause multiple authentication errors

Bro IDS Dockerfile

Kibana plugin to view, search & live tail log events

Python logging library to emit JSON log that can be easily indexed and searchable by logging infrastructure such as ELK, EFK, AWS Cloudwatch, GCP Stackdriver

elasticsearch, logstash and kibana configuration for pi-hole visualiziation

Stack Exchange's Monitoring System

Security event correlation engine for ELK stack

Deploy Elastic stack in a Docker Swarm cluster. Ship application logs and metrics using beats & GELF plugin to Elasticsearch

Open Source EDR for Windows

log4net appender to ElasticSearch

Deploy and maintain Symon through the Splunk Deployment Sever

** README ** This repo has MOVED to https://github.com/quadrantsec/sagan

Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.

DEPRECATED - MozDef: Mozilla Enterprise Defense Platform

Sysmon Splunk App

Kong API Manager with Prometheus And Graylog

Install a full Splunk Enterprise Cluster or Universal forwarder using an ansible playbook

Threat Detection & Anomaly Detection rules for popular open-source components

Important production-grade Kubernetes Ops Services

This repository is a collection of resources to prepare for the Certified Kubernetes Security Specialist (CKSS) exam.

Microsoft Application Insights SDK for Node.js

INFRASTRUCTURE、OPERATION SYSTEM and APPLICATION monitoring tools for Operations.

Receives HTTP webhook notifications from AlertManager and inserts them into an Elasticsearch index for searching and analysis

Pushes Sysmon Configs