Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 23 Siem Open-Source Projects
-
Wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
There is currently no feature for excluding specific SCA rules however this feature has been requested here and would be added to the roadmap for future releases.
-
Sigma rules https://github.com/SigmaHQ/sigma its value, I get it. Here’s a post https://www.linkedin.com/posts/nasreddinebencherchali_detection-blueteam-sigma-activity-7104868070069817344-mn91?utm_source=share&utm_medium=member_desktop detailing that 31 Sigma rules from the Sigma repository are triggering on different stages of the attack as described here https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
Project mention: graylog VS openobserve - a user suggested alternative | libhunt.com/r/graylog2-server | 2023-09-07
-
RedELK
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
Project mention: What project ideas are there for a cybersecurity homelab? | /r/AskNetsec | 2023-06-04Play with RedELK for learning ELK and monitoring blue team activities - https://github.com/outflanknl/RedELK
-
elastdocker
🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.
-
matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
sorry thats https://matano.dev
-
Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
If you're looking to learn on your own, try mikeroyal's digital forensics guide on Github. There's a lot of recommended resources there that'll speed you up. https://github.com/mikeroyal/Digital-Forensics-Guide
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
I understood that OPNsense runs fine with 8GB RAM and a relatively weak CPU, but then I saw this, which provides extended search and visualisation features to help you use the data created by OPNsense, and it recommends 32GB. pfelk/pfelk: pfSense/OPNsense + Elastic Stack (github.com)
-
Open-Source-Security-Guide
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
-
sysmon-config
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events. (by ion-storm)
-
-
Project mention: Vector: A high-performance observability data pipeline | news.ycombinator.com | 2024-03-17
We're building something similar at Tenzir, but more for operational security workloads. https://docs.tenzir.com
Differences to Vector:
- An agent has optional indexed storage, so you can store your data there and pick it up later. The storage is based on Apache Feather, Parquet's little brother.
- Pipelines operators both work with data frames (Arrow record batches) or chunks of bytes.
- Structured pipelines are multi-schema, i.e., a single pipeline can process streams of record batches with different schemas.
-
-
EVTX-to-MITRE-Attack
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.
-
-
-
more information here: https://github.com/mthcht/ThreatHunting-Keywords
-
-
-
Project mention: UTMStack: Open-Source SIEM, XDR Powered by Real-Time Correlation | news.ycombinator.com | 2024-02-14
-
-
-
impulse-xdr
Fully automated host & network intrusion detection platform. Detects malware from behavioural patterns rather than signatures and enables deeper visibility than legacy tools.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Siem related posts
- Pql, a pipelined query language that compiles to SQL (written in Go)
- Sigma rules in real life
- Cisco Acquires Splunk
- Looking for feedback on a security-related project idea
- SysmonConfigPusher: Pushes Sysmon Configs - 2 years old, but wasn't included at the time
- SOC SIEM Use Cases for First Internship
- DevOps and Security: DevSecOps
-
A note from our sponsor - InfluxDB
www.influxdata.com | 17 Apr 2024
Index
What are some of the best open-source Siem projects? This list will help you:
Project | Stars | |
---|---|---|
1 | Wazuh | 9,018 |
2 | sigma | 7,563 |
3 | graylog | 7,039 |
4 | RedELK | 2,282 |
5 | elastdocker | 1,709 |
6 | matano | 1,347 |
7 | Digital-Forensics-Guide | 1,331 |
8 | pfelk | 978 |
9 | Open-Source-Security-Guide | 842 |
10 | sysmon-config | 747 |
11 | pql | 613 |
12 | tenzir | 608 |
13 | SIEM | 512 |
14 | EVTX-to-MITRE-Attack | 476 |
15 | PurpleCloud | 472 |
16 | dsiem | 430 |
17 | ThreatHunting-Keywords | 332 |
18 | threathunting-spl | 255 |
19 | blue-teaming-with-kql | 187 |
20 | UTMStack | 179 |
21 | OpenSIEM-Logstash-Parsing | 174 |
22 | Purpleteam | 119 |
23 | impulse-xdr | 96 |