JoseMezaVila/siembol

An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced security analytics framework.

Siembol provides a scalable, advanced security analytics framework based on open-source big data technologies. Siembol normalizes, enriches, and alerts on data from various sources, which allows security teams to respond to attacks before they become incidents.

• Introduction
  • How to try Siembol
  • How to contribute
• Siembol UI
  • Adding a new configuration
  • Submitting configurations
  • Importing a sigma rule
  • Deploying configurations
  • Testing configurations
  • Testing deployments
  • Adding links to the homepage
  • Setting up OAUTH2 OIDC
  • Modifying the layout
  • Managing applications
• Siembol services
  • Setting up a service in the config editor rest
  • Alerting service
  • Parsing service
    • How to setup NetFlow v9 parsing
  • Enrichment service
    • Setting up an enrichment table
  • Response service
    • Writing a response plugin
• Siembol deployment
  • Setting up ZooKeeper nodes
  • Setting up a GitHub webhook
  • Tuning the performance of Storm topologies
  • Setting up Kerberos for external dependencies