siem

There are 351 repositories under siem topic.

wazuh/wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Language:C9.4k 212 15.9k1.5k
SigmaHQ/sigma
Main Sigma Rule Repository
Language:Python7.8k 328 5792.1k
Graylog2/graylog2-server
Free and open log management
Language:Java7.2k 239 7.2k1k
outflanknl/RedELK
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
Language:Python2.3k 80 140361
mozilla/MozDef
DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
Language:Python2.2k 149 391329
sherifabdlnaby/elastdocker
🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.
Language:Dockerfile1.7k 35 72299
mikeroyal/Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Language:Python1.4k 30 5171
matanolabs/matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Language:Rust1.4k 21 10491
cyb3rxp/awesome-soc
A collection of sources of documentation, as well as field best practices, to build/run a SOC
1.1k 30 0182
netevert/sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Language:HCL1k 71 40207
pfelk/pfelk
pfSense/OPNsense + Elastic Stack
Language:Shell997 39 361189
mikeroyal/Open-Source-Security-Guide
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
Language:Go865 29 380
jaegeral/security-apis
A collective list of public APIs for use in security. Contributions welcome
847 59 14130
nsacyber/Event-Forwarding-Guidance
Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
Language:PowerShell839 97 10164
ion-storm/sysmon-config
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.
Language:PowerShell756 87 19143
runreveal/pql
Pipelined Query Language
Language:Go619 5 3923
tenzir/tenzir
Open source security data pipelines.
Language:C++619 35 085
TonyPhipps/SIEM
SIEM Tactics, Techiques, and Procedures
526 32 196
iknowjason/PurpleCloud
A little tool to play with Azure Identity - Azure Active Directory lab creation tool
Language:Python485 25 2385
mdecrevoisier/EVTX-to-MITRE-Attack
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.
479 24 181
defenxor/dsiem
Security event correlation engine for ELK stack
Language:Go431 27 51103
TonyPhipps/Meerkat
A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.
Language:PowerShell427 31 284
strontic/xcyclopedia
Encyclopedia for Executables
Language:PowerShell396 25 645
GACWR/OpenUBA
A robust, and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]
Language:Python357 31 22210
mthcht/ThreatHunting-Keywords
Awesome list of keywords and artifacts for Threat Hunting sessions
Language:HTML349 7 839
olafhartong/ATTACKdatamap
A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework
Language:PowerShell344 24 464
n0dec/MalwLess
Test Blue Team detections without running any attack.
Language:C#270 29 358
inodee/threathunting-spl
Splunk code (SPL) for serious threat hunters and detection engineers.
259 24 039
beave/sagan
** README ** This repo has MOVED to https://github.com/quadrantsec/sagan
231 27 12864
eshlomo1/Microsoft-Sentinel-SecOps
Microsoft Sentinel SOC Operations
Language:PowerShell231 12 061
NVISOsecurity/ee-outliers
Open-source framework to detect outliers in Elasticsearch events
Language:Python204 21 16034
G-Research/siembol
An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced security analytics framework.
Language:Java196 14 3563
ashwin-patil/blue-teaming-with-kql
Repository with Sample KQL Query examples for Threat Hunting
193 10 037
utmstack/UTMStack
Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence
Language:Java188 7 17316
dogoncouch/LogESP
Open Source SIEM (Security Information and Event Management system).
Language:Python187 16 1264
Cargill/OpenSIEM-Logstash-Parsing
SIEM Logstash parsing for more than hundred technologies
Language:Python177 20 2239

siem

wazuh/wazuh

SigmaHQ/sigma

Graylog2/graylog2-server

outflanknl/RedELK

mozilla/MozDef

sherifabdlnaby/elastdocker

mikeroyal/Digital-Forensics-Guide

matanolabs/matano

cyb3rxp/awesome-soc

netevert/sentinel-attack

pfelk/pfelk

mikeroyal/Open-Source-Security-Guide

jaegeral/security-apis

nsacyber/Event-Forwarding-Guidance

ion-storm/sysmon-config

runreveal/pql

tenzir/tenzir

TonyPhipps/SIEM

iknowjason/PurpleCloud

mdecrevoisier/EVTX-to-MITRE-Attack

defenxor/dsiem

TonyPhipps/Meerkat

strontic/xcyclopedia

GACWR/OpenUBA

mthcht/ThreatHunting-Keywords

olafhartong/ATTACKdatamap

n0dec/MalwLess

inodee/threathunting-spl

beave/sagan

eshlomo1/Microsoft-Sentinel-SecOps

NVISOsecurity/ee-outliers

G-Research/siembol

ashwin-patil/blue-teaming-with-kql

utmstack/UTMStack

dogoncouch/LogESP

Cargill/OpenSIEM-Logstash-Parsing