# siem
Here are 193 public repositories matching this topic...
thomaspatzke commented Oct 13, 2020
The generic Windows audit log config lacks many event ids, e.g.
- registry events
- driver load service addition events, System/7045 and Security/4697
- likely others
DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
Updated Nov 2, 2021 - Python
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
Updated Jun 7, 2022 - Python
Topics: docker, elasticsearch, kibana, elasticstack, logstash, docker-compose, elk, siem, observability, elk-stack, docker-compos-template
Updated May 24, 2022 - Dockerfile
Nzyme is a free and open next-generation WiFi defense system. Go to www.nzyme.org for more information.
Updated May 15, 2022 - Java
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Topics: azure, detection, logging, cybersecurity, sysmon, threat-hunting, siem, security-tools, blue-team, mitre-attack, workbooks, sysmon-config, terraform-azure, kql, azure-sentinel
Updated Apr 27, 2021 - HCL
pfSense/OPNsense + Elastic Stack
Topics: visualization, docker, ansible, elasticsearch, kibana, elasticstack, logstash, firewall, logs, opnsense, maxmind, siem, elastic, pfsense, unbound
Updated Jun 3, 2022 - Shell
A collective list of public APIs for use in security. Contributions welcome
Updated Feb 12, 2022
lava commented Oct 21, 2021
With CAF 0.18, actor names must be constant strings. The active and passive partition carry their human-readable name in the variable self->state.name already.
In active_partition.cpp and passive_partition.cpp we currently have a lot of log messages using the actor name rather than the human-readable partition name. We need to change them like this:
VAST_DEBUG("{} persists p

Security event correlation engine for ELK stack
Updated Jun 1, 2022 - Go
A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework
Updated Nov 3, 2020 - PowerShell
Encyclopedia for Executables
Updated Nov 9, 2021 - PowerShell
Set of EVTX samples (>170) mapped to MITRE Att@k tactics and techniques to measure your SIEM coverage or develop new use cases.
Updated Jun 11, 2022
Test Blue Team detections without running any attack.
Updated Oct 11, 2021 - C#
** README ** This repo has MOVED to https://github.com/quadrantsec/sagan
Updated Feb 9, 2021
A robust and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]
Topics: react, nodejs, flask, security, elasticsearch, machine-learning, spark, analytics, tensorflow, sklearn, elk, datascience, cybersecurity, siem, information-security, uba, anomaly-detection, user-behaviour, ueba, threathunting
Updated Jun 1, 2022 - Python
A little tool to play with Azure Identity - Azure Active Directory lab creation tool
Updated May 18, 2022 - Python
daanraman commented Apr 3, 2019
Open Source SIEM (Security Information and Event Management system).
Topics: security, security-audit, log-analysis, log, syslog, web-application, log-collector, forensics, secops, siem, log-management, risk-assessment, log-parser, vulnerability-management, risk-management, security-tools, log-monitoring, security-analysis, asset-management, security-awareness
Updated May 17, 2022 - Python
Microsoft Sentinel 4 SecOps
Topics: microsoft, security, azure, incident-response, secops, threat-hunting, siem, hunting, soc, ir, cloudsecurity, threat-intelligence, azure-sentinel, microsoft-sentinel
Updated May 31, 2022 - PowerShell
Repository with Sample KQL Query examples for Threat Hunting
Updated Aug 6, 2021
SIAC is an enterprise SIEM built on open-source technology.
Topics: aws, security, incident-response, elk, intrusion-detection, pci-dss, compliance, siem, osquery, fim, secdevops, wazuh
Updated Oct 31, 2018
I have noticed when ingesting backlog (older timestamped data) that the "Messages per minute" line graph and "sources" data do not line up.
The Messages per minute appear to be correct for the ingest rate, but the sources breakdown below it only shows messages for each type from within the time window via timestamp. This means in the last hour, if you've ingested logs from 2 days ago, the data is