CortexDocs
lme
| | CortexDocs | lme |
|---|---|---|
| Mentions | 1 | 11 |
| Stars | 171 | 684 |
| Growth | - | - |
| Activity | 0.0 | 3.4 |
| Last commit | 7 months ago | about 1 year ago |
| Language | Shell | |
| License | GNU Affero General Public License v3.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
CortexDocs
-
I want to buy a SIEM, but I don't know which one
I also recommend checking out TheHive Project and Cortex. I used these in my SOC days and was super impressed with features, like linking incidents automatically based on reported IOCs. TheHive runs on Elasticsearch under the hood, too.
lme
-
SysMon
This may help https://github.com/ukncsc/lme/blob/master/docs/chapter2.md
- Syslog Analytics for Cybersecurity
-
500+ windows server logging
But if you're still committed: there are too many variables to calculate it with any amount of certainty, but you can measure it. Start off by setting up event forwarding on a small batch of test servers with only security audit logs included in the default configuration. Let it run for a few days, measure the usage and extrapolate from there. How to do most of it you're going to find in MS documentation, but NCSC has a nice summary of it here: https://github.com/ukncsc/lme
- Active Directory monitoring
-
What are the implications of an automation tool using PsExec to execute commands (of any kind) on client machines from a domain controller?
Much appreciated. I'm a sole IT guy in a small shop so always keen to hear what others have found. I'm looking at: https://github.com/ukncsc/lme and Security Onion...
- Sysmon for SME <50 employees?
- All sysmon event types and their fields explained
-
Free EDR solutions
https://github.com/ukncsc/lme is this
-
I want to buy a SIEM, but I don't know which one
Use something based off of a free version of Elasticsearch, like Logging Made Easy: https://github.com/ukncsc/lme or SIEMMonster or Security Onion.
-
Requesting /r/lme - zero posts in 9 years and one inactive mod.
Would also be repurposing sub to be a resource for Logging Made Easy, a community SIEM project by UKNCSC: https://github.com/ukncsc/lme
What are some alternatives?
TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform
VictoriaMetrics - VictoriaMetrics: fast, cost-effective monitoring solution and time series database
OSSEC - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Microsoft.Unity.Analyzers - Roslyn analyzers for Unity game developers
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
graylog2thehive - Create alerts in The Hive from your Graylog alerts, to be turned into Hive cases.
eiq-er-ce - Community Edition of the EclecticIQ Endpoint Security Platform; an open source and extensible platform to manage and monitor endpoints, based on the osquery agent