#Siem
Showing 60 of 69 repositories tagged #siem, ranked by stars
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Main Sigma Rule Repository
Free and open log management
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
๐ณ Elastic Stack (ELK) v9+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.
Fast and easy to use database for logs, which can efficiently handle terabytes of logs
A curated knowledge base to build, run and mature a SOC (including CSIRT).
Awesome Security lists for SOC/CERT/CTI
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Open-source AI-powered Security Operations Center โ alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable.
pfSense/OPNsense + Elastic Stack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
A collective list of public APIs for use in security. Contributions welcome
Agentic SOC Platform: A powerful, flexible, open-source, and agent-centric automated security operations platform (AI SOC)
Transform Linux Audit logs for SIEM usage
Tenzir is the data pipeline engine for security teams.
SIEM Tactics, Techiques, and Procedures
Pipelined Query Language
Enterprise-ready SIEM, SOAR and Compliance powered by real-time correlation and threat intelligence.
select * from logs; Tailpipe is an open source SIEM for instant log insights, powered by DuckDB. Analyze millions of events in seconds, right from your terminal.
A robust, and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [BETA]
A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.
Built-in Panther detection rules and policies
Security event correlation engine for ELK stack
ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy.
๐ฅ๐ฅ๐ฅ AI security automation platform. Build visual workflows, deploy autonomous agents, and automate threat detection and response. 80+ integrations with SIEM, EDR, ticketing, and cloud tools. Self-hosted SOAR alternative.
I developed a rigorous cybersecurity project portfolio on mock clients covering NIST, audits, Linux, SQL, assets, threats, vulnerabilities, detection, incident response, escalation, Wireshark, tcpdump, IDS (Suricata), SIEM (Splunk, Chronicle), and Python automation.
Automated Use Case Testing
Curated list of awesome cybersecurity companies and solutions.
The switchboard for the agent era. Per-channel isolation, encrypted credential vault, per-session hash-chained audit log. Single static Rust binary.
Build AI-powered security tools. 50+ hands-on labs covering ML, LLMs, RAG, threat detection, DFIR, and red teaming. Includes Colab notebooks, Docker environment, and CTF challenges.
Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques
Fully automated host & network intrusion detection platform. Detects malware from behavioural patterns rather than signatures and enables deeper visibility than legacy tools.
SOAR Automation with Shuffle, Wazuh & TheHive | This project integrates Shuffle SOAR, Wazuh SIEM, and TheHive to automate security incident response. It enriches alerts using VirusTotal & AbuseIPDB, creates incidents in TheHive, and sends real-time Discord notifications.
Repository for SOC analysts, queries to investigate, advanced hunting, sites for analysis, malware samples, courses to improve skills, IOC and monitoring.
Open-source security suite for OSINT, web scanning, API testing, SIEM integration, and AI-powered analysis
Kong API Manager with Prometheus And Graylog
Unofficial third-party scripts, playbooks, and content for IBM QRadar & QRadar Community Edition.
A complete Sigma detection engineering toolkit: parser, linter, evaluator, correlation engine, conversion framework, streaming daemon, MCP and LSP servers :crab:
HoneyWire: The Open-Source, Unlimited Deception Platform. Turn any Linux machine into an enterprise-grade canary in 60 seconds.
Import specific data sources into the Sigma generic and open signature format.
Collection of scripts, files, and tips to create and maintain networks, hack, and more!
Decoders and Rules for Fortigate in Wazuh
LLM-powered security log analyzer: detect threats & anomalies with zero regex โ just declare a Pydantic schema. Real-time Telegram alerts, SIEM-ready with Elasticsearch/Kibana. Supports OpenAI, Ollama, vLLM.
SEKOIA.IO Documentation - The Intelligence-Driven SaaS SIEM
Install a full Splunk Enterprise Cluster or Universal forwarder using an ansible playbook
A Lambda-powered Security Orchestration framework for AWS GuardDuty
WinLogAgent - A user-friendly, modern, and readily deployable Windows log collection client that makes it easy to forward collected logs to a SOC or SIEM.
The most comprehensive, step-by-step roadmap for breaking into defensive cybersecurity. From absolute zero to your first Blue Team role. Every skill, tool, certification, and resource you need. No experience required.
Realistic synthetic events for testing, demos, and pipelines โ streamed live or generated in bulk
๐ก๏ธ Free AI that blocks hackers while you sleep. Runs on cheap hardware. When someone in Tokyo gets attacked, you're protected in 30 seconds. No fees. No experts needed. Just protection. One node's detection โ everyone's protection.
This repository will describe the details surrounding the SIEM (wazuh) mini project, which will cover all aspects of topology design, deployment, rules, integration, and fine tune.
AI-powered SOC for OT/ICS networks โ 6 autonomous agents, MITRE ATT&CK mapping, Suricata/Zeek ingestion, human-in-the-loop response, 330+ tests. Open-source alternative to Claroty/Dragos for SMBs.
MP SIEM SDK
Comprehensive pfSense deployment, monitoring, and security knowledge base: From basic configuration to advanced SIEM infrastructure, IDS/IPS optimization, and network security automation.
Investigating attacks using Splunk Enterprise logs and creating SPL intrusion detection searches based on known attacker TTPs and anomaly behavior derived from statistical baselines
A structured repository designed for cybersecurity professionals and enthusiasts. Covers topics such as OSINT, NMAP, WAPT, PTES, IDS/IPS, SIEM, malware analysis, privilege escalation, and more. Ideal for mastering ethical hacking, penetration testing, and advanced security techniques.
NHSuite allows users to efficiently manage their QRadar Network Hierarchy. Utilizing the provided QRadar API, users can seamlessly export, import, and fetch domain information in a CSV format.