siem
There are 351 repositories under the siem topic.
wazuh/wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
SigmaHQ/sigma
Main Sigma Rule Repository
Graylog2/graylog2-server
Free and open log management
outflanknl/RedELK
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
mozilla/MozDef
DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
sherifabdlnaby/elastdocker
🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.
mikeroyal/Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
matanolabs/matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
cyb3rxp/awesome-soc
A collection of sources of documentation, as well as field best practices, to build/run a SOC
netevert/sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
pfelk/pfelk
pfSense/OPNsense + Elastic Stack
mikeroyal/Open-Source-Security-Guide
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
jaegeral/security-apis
A collective list of public APIs for use in security. Contributions welcome
nsacyber/Event-Forwarding-Guidance
Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
ion-storm/sysmon-config
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.
runreveal/pql
Pipelined Query Language
tenzir/tenzir
Open source security data pipelines.
TonyPhipps/SIEM
SIEM Tactics, Techniques, and Procedures
iknowjason/PurpleCloud
A little tool to play with Azure Identity - Azure Active Directory lab creation tool
mdecrevoisier/EVTX-to-MITRE-Attack
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases.
defenxor/dsiem
Security event correlation engine for ELK stack
TonyPhipps/Meerkat
A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
strontic/xcyclopedia
Encyclopedia for Executables
GACWR/OpenUBA
A robust, and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]
mthcht/ThreatHunting-Keywords
Awesome list of keywords and artifacts for Threat Hunting sessions
olafhartong/ATTACKdatamap
A data source assessment at the event level to show potential coverage of the MITRE ATT&CK framework
n0dec/MalwLess
Test Blue Team detections without running any attack.
inodee/threathunting-spl
Splunk code (SPL) for serious threat hunters and detection engineers.
beave/sagan
** README ** This repo has MOVED to https://github.com/quadrantsec/sagan
eshlomo1/Microsoft-Sentinel-SecOps
Microsoft Sentinel SOC Operations
NVISOsecurity/ee-outliers
Open-source framework to detect outliers in Elasticsearch events
G-Research/siembol
An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced security analytics framework.
ashwin-patil/blue-teaming-with-kql
Repository with Sample KQL Query examples for Threat Hunting
utmstack/UTMStack
Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence
dogoncouch/LogESP
Open Source SIEM (Security Information and Event Management system).
Cargill/OpenSIEM-Logstash-Parsing
SIEM Logstash parsing for more than a hundred technologies