mpfz0r
commented
Jan 31, 2020
Read more
#
siem
Here are 92 public repositories matching this topic...
thomaspatzke
commented
May 12, 2019
Someone should map publicly available EVTX samples to Sigma rules. This would enable us to automatically test the correctness of generated queries.
Known security-related EVTX repositories:
Feel free to extend the list.
Mapping should be:
Sigma rule -> Repository/EVTX ( -> expected matched
gene1wood
commented
Apr 30, 2020
Currently auth02mozdef.py uses the Auth0 /api/v2/logs endpoint to fetch logs.
Auth0 has, since this was developed, released Auth0 LogStreams which uses AWS EventBridge.
Please switch
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
-
Updated
May 20, 2020 - CSS
vburov
commented
Apr 17, 2019
Event with ID = 7045 from System log has incorrect source in section "Software and Service Installation" of "Recommended Events to Collect" document.
Correct source for this event is "Service Control Manager":
- Provider
[ Name] Service Control Manager
[ Guid] {555908d1-a6d7-4695-8e1e-26931d2012f4}
[ EventSourceName] Service Control Manager - EventID 7045
Also, I create
lennartkoopmann
opened
Jun 29, 2019
A collective list of public JSON APIs for use in security. Contributions welcome
-
Updated
Jan 11, 2020
candlerb
commented
Oct 29, 2019
Is your feature request related to a problem? Please describe.
I have some issues around the "date" and "time" fields which come from syslog, either as pipe-delimited fields or as mapped JSON fields.
The fundamental question is: are these fields actually used for anything, apart from being included in alert messages? And does it matter if the format is not YYYY-MM-DD or HH:MM:SS?
**
A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework
-
Updated
Nov 8, 2019 - PowerShell
EdgeSync
commented
Feb 28, 2020
Hi DSIEM people,
Not really an issue per-se, but I'm struggling to understand how you actually implement Intel Feeds for DSIEM.
From what I can gather, you are using Wise for Moloch to collect intel from various sources. But what I'm having trouble understanding is how you grab the normalized event, and then check the data in that event against a piece of intel.
I have read https://githu
Test Blue Team detections without running any attack.
-
Updated
Apr 29, 2020 - C#
-
Updated
Jun 3, 2020 - C++
daanraman
commented
Mar 31, 2020
Was recently added in outliers and I'm not sure that this is properly documented.
@michielmeersmans could provide input too, who developed this.
Splunk code (SPL) useful for serious threat hunters.
-
Updated
Mar 21, 2018
SIAC is an enterprise SIEM built on open-source technology.
aws
security
incident-response
elk
intrusion-detection
pci-dss
compliance
siem
osquery
fim
secdevops
wazuh
-
Updated
Oct 31, 2018
Open Source SIEM (Security Information and Event Management system).
security
security-audit
log-analysis
log
syslog
web-application
log-collector
forensics
secops
siem
log-management
risk-assessment
log-parser
vulnerability-management
risk-management
security-tools
log-monitoring
security-analysis
asset-management
security-awareness
-
Updated
Feb 22, 2020 - Python
Curated list of awesome cybersecurity companies and solutions.
-
Updated
Apr 20, 2017
Tools to create a Native Windows Audit Collection Platform. Active Directory example provided
-
Updated
Nov 5, 2019 - PowerShell
1
kaiiyer
commented
Mar 29, 2020
- Adding a project wiki
- Improving the existing documentation and publishing using Github pages for starters
- For the installation of ELK on platforms like Mac, Linux, Windows we can add an additional section or else we can use a shell script for automating the whole ELK installation process
- This installation script can be added to docker too
A Lambda-powered Security Orchestration framework for AWS GuardDuty
aws
cloud
aws-lambda
incident-response
cybersecurity
siem
threatintel
aws-security
blueteam
cloudsecurity
soar
aws-guardduty
-
Updated
Dec 15, 2019 - Python
The largest Sentinel detection use case library; built in AZSentinel JSON format for automated upload into Azure
-
Updated
Jan 1, 2020
Install a full Splunk Enterprise Cluster or Universal forwarder using an ansible playbook
-
Updated
May 24, 2020 - Shell
A SIEM inspired by HECTOR, built on Django.
-
Updated
Apr 16, 2019 - Python
Demo for Elastic's Auditbeat and SIEM
-
Updated
May 15, 2020 - HCL
Improve this page
Add a description, image, and links to the siem topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the siem topic, visit your repo's landing page and select "manage topics."