siem

There are 651 repositories under siem topic.

wazuh/wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Language:C13.9k 220 22.5k2k
SigmaHQ/sigma
Main Sigma Rule Repository
Language:Python9.8k 351 6362.5k
Graylog2/graylog2-server
Free and open log management
Language:Java7.9k 231 8.1k1.1k
outflanknl/RedELK
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
Language:Python2.6k 78 142395
mikeroyal/Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Language:Python2.3k 44 5259
mozilla/MozDef
DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
Language:Python2.2k 144 391327
sherifabdlnaby/elastdocker
🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.
Language:Dockerfile2k 35 78337
matanolabs/matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Language:Rust1.6k 21 105116
cyb3rxp/awesome-soc
A collection of sources of documentation, as well as field best practices, to build/run a SOC
1.5k 41 0243
pfelk/pfelk
pfSense/OPNsense + Elastic Stack
Language:Shell1.2k 40 379200
mthcht/awesome-lists
Awesome Security lists for SOC/CERT/CTI
Language:YARA1.2k 29 47144
netevert/sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
1.1k 69 40207
mikeroyal/Open-Source-Security-Guide
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
Language:Go1k 28 393
jaegeral/security-apis
A collective list of public APIs for use in security. Contributions welcome
953 57 14145
nsacyber/Event-Forwarding-Guidance
Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
Language:PowerShell879 93 10171
tirrenotechnologies/tirreno
tirreno — open-source security analytics. Understand, monitor, and protect your application from cyber threats, account takeovers, and abuse. Get started — free.
Language:PHP843 16 492
ion-storm/sysmon-config
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.
Language:PowerShell812 85 22143
threathunters-io/laurel
Transform Linux Audit logs for SIEM usage
Language:Rust802 17 8262
tenzir/tenzir
Tenzir is the data pipeline engine for security teams.
Language:C++705 34 0100
runreveal/pql
Pipelined Query Language
Language:Go682 5 4427
TonyPhipps/SIEM
SIEM Tactics, Techiques, and Procedures
677 34 3110
mthcht/ThreatHunting-Keywords
Awesome list of keywords and artifacts for Threat Hunting sessions
Language:PowerShell614 10 1377
iknowjason/PurpleCloud
A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4
Language:Python604 23 25104
mdecrevoisier/EVTX-to-MITRE-Attack
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.
594 25 198
VictoriaMetrics/VictoriaLogs
Fast and easy to use database for logs, which can efficiently handle terabytes of logs
Language:Go552 7 63244
turbot/tailpipe
select * from logs; Tailpipe is an open source SIEM for instant log insights, powered by DuckDB. Analyze millions of events in seconds, right from your terminal.
Language:Go516 8 29411
TonyPhipps/Meerkat
A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.
Language:PowerShell474 28 285
GACWR/OpenUBA
A robust, and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]
Language:Python459 28 25260
strontic/xcyclopedia
Encyclopedia for Executables
Language:PowerShell458 26 749
defenxor/dsiem
Security event correlation engine for ELK stack
Language:Go447 27 52104
panther-labs/panther-analysis
Built-in Panther detection rules and policies
Language:Python424 33 77191
utmstack/UTMStack
Enterprise-ready SIEM, SOAR and Compliance powered by real-time correlation and threat intelligence.
Language:Java355 14 32055
olafhartong/ATTACKdatamap
A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework
Language:PowerShell351 23 462
inodee/threathunting-spl
Splunk code (SPL) for serious threat hunters and detection engineers.
287 24 043
n0dec/MalwLess
Test Blue Team detections without running any attack.
Language:C#271 29 349
eshlomo1/Microsoft-Sentinel-SecOps
Microsoft Sentinel SOC Operations
Language:PowerShell262 9 065

siem

wazuh/wazuh

SigmaHQ/sigma

Graylog2/graylog2-server

outflanknl/RedELK

mikeroyal/Digital-Forensics-Guide

mozilla/MozDef

sherifabdlnaby/elastdocker

matanolabs/matano

cyb3rxp/awesome-soc

pfelk/pfelk

mthcht/awesome-lists

netevert/sentinel-attack

mikeroyal/Open-Source-Security-Guide

jaegeral/security-apis

nsacyber/Event-Forwarding-Guidance

tirrenotechnologies/tirreno

ion-storm/sysmon-config

threathunters-io/laurel

tenzir/tenzir

runreveal/pql

TonyPhipps/SIEM

mthcht/ThreatHunting-Keywords

iknowjason/PurpleCloud

mdecrevoisier/EVTX-to-MITRE-Attack

VictoriaMetrics/VictoriaLogs

turbot/tailpipe

TonyPhipps/Meerkat

GACWR/OpenUBA

strontic/xcyclopedia

defenxor/dsiem

panther-labs/panther-analysis

utmstack/UTMStack

olafhartong/ATTACKdatamap

inodee/threathunting-spl

n0dec/MalwLess

eshlomo1/Microsoft-Sentinel-SecOps