Siem

Top 23 Siem Open-Source Projects

  • Wazuh

    Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

    Project mention: Exclude certain CIS (sca) rules from agents | /r/Wazuh | 2023-12-11

    There is currently no feature for excluding specific SCA rules however this feature has been requested here and would be added to the roadmap for future releases.

  • sigma

    Main Sigma Rule Repository

    Project mention: Sigma rules in real life | /r/cybersecurity | 2023-10-14

    Sigma rules https://github.com/SigmaHQ/sigma its value, I get it. Here’s a post https://www.linkedin.com/posts/nasreddinebencherchali_detection-blueteam-sigma-activity-7104868070069817344-mn91?utm_source=share&utm_medium=member_desktop detailing that 31 Sigma rules from the Sigma repository are triggering on different stages of the attack as described here https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/

  • graylog

    Free and open log management

    Project mention: graylog VS openobserve - a user suggested alternative | libhunt.com/r/graylog2-server | 2023-09-07

  • RedELK

    Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

    Project mention: What project ideas are there for a cybersecurity homelab? | /r/AskNetsec | 2023-06-04

    Play with RedELK for learning ELK and monitoring blue team activities - https://github.com/outflanknl/RedELK

  • elastdocker

    🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.

  • matano

    Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

    Project mention: Cisco Acquires Splunk | news.ycombinator.com | 2023-09-21

    sorry, that's https://matano.dev

  • Digital-Forensics-Guide

    Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

    Project mention: Most used DFIR tools | /r/cybersecurity | 2023-12-10

    If you're looking to learn on your own, try mikeroyal's digital forensics guide on Github. There's a lot of recommended resources there that'll speed you up. https://github.com/mikeroyal/Digital-Forensics-Guide

  • pfelk

    pfSense/OPNsense + Elastic Stack

    Project mention: Best way to use my SFF PCs | /r/selfhosted | 2023-12-07

    I understood that OPNsense runs fine with 8GB RAM and a relatively weak CPU, but then I saw this, which provides extended search and visualisation features to help you use the data created by OPNsense, and it recommends 32GB. pfelk/pfelk: pfSense/OPNsense + Elastic Stack (github.com)

  • Open-Source-Security-Guide

    Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

  • sysmon-config

    Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events. (by ion-storm)

  • pql

    Pipelined Query Language

    Project mention: FLaNK 04 March 2024 | dev.to | 2024-03-04

  • tenzir

    Open source security data pipelines.

    Project mention: Vector: A high-performance observability data pipeline | news.ycombinator.com | 2024-03-17

    We're building something similar at Tenzir, but more for operational security workloads. https://docs.tenzir.com

    Differences to Vector:

    - An agent has optional indexed storage, so you can store your data there and pick it up later. The storage is based on Apache Feather, Parquet's little brother.

    - Pipeline operators work with both data frames (Arrow record batches) and chunks of bytes.

    - Structured pipelines are multi-schema, i.e., a single pipeline can process streams of record batches with different schemas.

  • SIEM

    SIEM Tactics, Techniques, and Procedures

  • EVTX-to-MITRE-Attack

    Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases.

  • PurpleCloud

    A little tool to play with Azure Identity - Azure Active Directory lab creation tool

  • dsiem

    Security event correlation engine for ELK stack

  • ThreatHunting-Keywords

    Awesome list of keywords and artifacts for Threat Hunting sessions

    Project mention: List of offensive tools keywords for ThreatHunting | /r/cybersecurity | 2023-05-18

    more information here: https://github.com/mthcht/ThreatHunting-Keywords

  • threathunting-spl

    Splunk code (SPL) for serious threat hunters and detection engineers.

  • blue-teaming-with-kql

    Repository with Sample KQL Query examples for Threat Hunting

  • UTMStack

    Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence

    Project mention: UTMStack: Open-Source SIEM, XDR Powered by Real-Time Correlation | news.ycombinator.com | 2024-02-14

  • OpenSIEM-Logstash-Parsing

    SIEM Logstash parsing for more than a hundred technologies

  • Purpleteam

    Purpleteam scripts simulation & Detection - trigger events for SOC detections

  • impulse-xdr

    Fully automated host & network intrusion detection platform. Detects malware from behavioural patterns rather than signatures and enables deeper visibility than legacy tools.

    Project mention: New host intrusion detection system Impulse | news.ycombinator.com | 2024-04-01

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2024-04-01.

What are some of the best open-source Siem projects? This list will help you:

Rank  Project                     Stars
 1    Wazuh                       9,018
 2    sigma                       7,563
 3    graylog                     7,039
 4    RedELK                      2,282
 5    elastdocker                 1,709
 6    matano                      1,347
 7    Digital-Forensics-Guide     1,331
 8    pfelk                         978
 9    Open-Source-Security-Guide    842
10    sysmon-config                 747
11    pql                           613
12    tenzir                        608
13    SIEM                          512
14    EVTX-to-MITRE-Attack          476
15    PurpleCloud                   472
16    dsiem                         430
17    ThreatHunting-Keywords        332
18    threathunting-spl             255
19    blue-teaming-with-kql         187
20    UTMStack                      179
21    OpenSIEM-Logstash-Parsing     174
22    Purpleteam                    119
23    impulse-xdr                    96