# siem
Here are 137 public repositories matching this topic...
thomaspatzke commented Oct 13, 2020
The generic Windows audit log config lacks many event ids, e.g.
- registry events
- driver load service addition events, System/7045 and Security/4697
- likely others
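The two event IDs named in the comment record the same fact, a service being installed, in two channels with different field names: System/7045 comes from the Service Control Manager, Security/4697 from the audit policy (and only the latter names the installing user). The following is an added example, not code from the Sigma project or from the commenter, of normalising both into one record so a collector that only ships one channel is visibly losing coverage. The XML records are hand-constructed in the Windows event XML layout; the hostnames, service names, paths and the trusted-directory list are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Windows event XML namespace.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample records (hand-written in Windows event XML layout;
# hostnames, service names and paths are invented, not real telemetry).
SAMPLE_EVENTS = [
    # System/7045: Service Control Manager reports a new service.
    """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="Service Control Manager"/><EventID>7045</EventID>
<Channel>System</Channel><Computer>WS01.corp.example</Computer></System>
<EventData>
<Data Name="ServiceName">WinDefendUpd</Data>
<Data Name="ImagePath">C:\\Users\\Public\\svc.exe -k run</Data>
<Data Name="AccountName">LocalSystem</Data>
</EventData></Event>""",
    # Security/4697: the same installation as recorded by the security audit
    # policy (different field names, but it also names the installing user).
    """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4697</EventID>
<Channel>Security</Channel><Computer>WS01.corp.example</Computer></System>
<EventData>
<Data Name="SubjectUserName">jdoe</Data>
<Data Name="ServiceName">WinDefendUpd</Data>
<Data Name="ServiceFileName">C:\\Users\\Public\\svc.exe -k run</Data>
<Data Name="ServiceAccount">LocalSystem</Data>
</EventData></Event>""",
    # System/7045 for a benign install under Program Files, for contrast.
    """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="Service Control Manager"/><EventID>7045</EventID>
<Channel>System</Channel><Computer>WS02.corp.example</Computer></System>
<EventData>
<Data Name="ServiceName">Sense</Data>
<Data Name="ImagePath">"C:\\Program Files\\Windows Defender Advanced Threat Protection\\MsSense.exe"</Data>
<Data Name="AccountName">LocalSystem</Data>
</EventData></Event>""",
]

# (channel, event id) -> {normalised field: source <Data Name=...>}
FIELD_MAP = {
    ("System", 7045): {"service_name": "ServiceName", "image_path": "ImagePath",
                       "account": "AccountName", "subject": None},
    ("Security", 4697): {"service_name": "ServiceName", "image_path": "ServiceFileName",
                         "account": "ServiceAccount", "subject": "SubjectUserName"},
}

# Assumed list of directories a legitimate service binary is installed under.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\program files")


def parse_event(xml_text):
    """Return a normalised record, or None if the event is not a service install."""
    root = ET.fromstring(xml_text)
    channel = root.findtext("e:System/e:Channel", namespaces=NS)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    mapping = FIELD_MAP.get((channel, event_id))
    if mapping is None:
        return None
    data = {d.get("Name"): (d.text or "")
            for d in root.findall("e:EventData/e:Data", namespaces=NS)}
    rec = {"channel": channel, "event_id": event_id,
           "host": root.findtext("e:System/e:Computer", namespaces=NS)}
    for field, src in mapping.items():
        rec[field] = data.get(src, "") if src else ""
    return rec


def binary_path(image_path):
    """Strip quoting and arguments: the quoted token, else the first whitespace-delimited one."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', image_path)
    return (m.group(1) or m.group(2)) if m else image_path


def is_suspicious(rec):
    """A service whose binary lives outside the trusted directories."""
    return not binary_path(rec["image_path"]).lower().startswith(TRUSTED_DIRS)


def flag_service_installs(xml_events):
    """Parse every event and keep the suspicious service installs."""
    return [rec for rec in map(parse_event, xml_events) if rec and is_suspicious(rec)]
```

Run against the three constructed records, both copies of the `WinDefendUpd` install are flagged and the Defender service under Program Files is not; a deployment whose audit policy never emits 4697 would still catch the install via 7045, but would lose the `subject` field that says who did it.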
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
Updated Mar 17, 2021 - Python
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Topics: azure, detection, logging, cybersecurity, sysmon, threat-hunting, siem, security-tools, blue-team, mitre-attack, workbooks, sysmon-config, terraform-azure, kql, azure-sentinel
Updated Mar 2, 2021 - HCL
A collective list of public JSON APIs for use in security. Contributions welcome
Updated Feb 1, 2021
Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog (Open Source log management) setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode.
Updated Mar 11, 2021 - Java
A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework
Updated Nov 3, 2020 - PowerShell
Security event correlation engine for ELK stack
Updated Mar 13, 2021 - Go
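A correlation engine differs from a plain filter in that it keeps state across events. The following is an added example, not code from the engine listed above, of one classic stateful rule: at least N failed logons (4625) from one source inside a time window, followed by a successful logon (4624) from the same source, fires a single alert. The events are constructed JSON lines in a simplified shape (timestamp, event id, source IP, user); the addresses and usernames are invented.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample stream (not real telemetry), already in time order.
SAMPLE_LOG = """
{"@timestamp":"2021-03-01T10:00:01Z","event_id":4625,"src_ip":"10.1.2.3","user":"alice"}
{"@timestamp":"2021-03-01T10:00:04Z","event_id":4625,"src_ip":"10.1.2.3","user":"bob"}
{"@timestamp":"2021-03-01T10:00:06Z","event_id":4625,"src_ip":"10.1.2.3","user":"carol"}
{"@timestamp":"2021-03-01T10:00:09Z","event_id":4625,"src_ip":"10.1.2.3","user":"dave"}
{"@timestamp":"2021-03-01T10:00:12Z","event_id":4625,"src_ip":"10.1.2.3","user":"erin"}
{"@timestamp":"2021-03-01T10:00:15Z","event_id":4625,"src_ip":"10.9.9.9","user":"alice"}
{"@timestamp":"2021-03-01T10:00:20Z","event_id":4624,"src_ip":"10.1.2.3","user":"erin"}
{"@timestamp":"2021-03-01T10:00:25Z","event_id":4624,"src_ip":"10.9.9.9","user":"alice"}
{"@timestamp":"2021-03-01T10:30:00Z","event_id":4625,"src_ip":"10.1.2.3","user":"frank"}
{"@timestamp":"2021-03-01T10:30:10Z","event_id":4624,"src_ip":"10.1.2.3","user":"frank"}
"""

FAILURE, SUCCESS = 4625, 4624


class BruteForceThenSuccess:
    """Stateful rule: keep a per-source deque of failure timestamps, expire
    entries older than `window`, and fire when a success arrives while the
    deque still holds at least `threshold` failures."""

    def __init__(self, threshold=5, window=timedelta(seconds=60)):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)   # src_ip -> deque of (ts, user)

    def _expire(self, src, now):
        q = self.failures[src]
        while q and now - q[0][0] > self.window:
            q.popleft()

    def process(self, ev):
        """Feed one event; return an alert dict or None."""
        ts = datetime.strptime(ev["@timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        src = ev["src_ip"]
        self._expire(src, ts)
        if ev["event_id"] == FAILURE:
            self.failures[src].append((ts, ev["user"]))
            return None
        if ev["event_id"] == SUCCESS and len(self.failures[src]) >= self.threshold:
            burst = self.failures[src]
            alert = {"rule": "brute_force_then_success", "src_ip": src,
                     "success_user": ev["user"],
                     "failed_users": sorted({u for _, u in burst}),
                     "failures": len(burst), "at": ev["@timestamp"]}
            burst.clear()   # one alert per burst, not one per later success
            return alert
        return None


def run(log_text, rule=None):
    """Replay JSON lines through the rule and collect the alerts."""
    rule = rule or BruteForceThenSuccess()
    alerts = []
    for line in log_text.strip().splitlines():
        alert = rule.process(json.loads(line))
        if alert:
            alerts.append(alert)
    return alerts
```

On the sample stream only the 10:00:20 success from 10.1.2.3 alerts: it follows five failures inside the window, and the failed usernames show the burst was a spray across accounts rather than a guess at one. The 10:30 pair from the same source does not alert because the earlier burst was cleared and only one failure precedes it.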
** README ** This repo has MOVED to https://github.com/quadrantsec/sagan
Updated Feb 9, 2021
Updated Mar 18, 2021 - C++
Test Blue Team detections without running any attack.
Updated Oct 8, 2020 - C#
daanraman commented Apr 3, 2019
Encyclopedia for Executables
Updated Jan 16, 2021 - PowerShell
A robust and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]
Topics: react, nodejs, flask, security, elasticsearch, machine-learning, spark, analytics, tensorflow, sklearn, elk, datascience, cybersecurity, siem, information-security, uba, anomaly-detection, user-behaviour, ueba, threathunting
Updated Nov 13, 2020 - Python
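The core of a UEBA is a per-entity baseline against which new activity is scored. The following is an added example, not code from the framework listed above, of the simplest useful version: a per-user frequency model over logon hour and source host, with Laplace smoothing so a never-seen value gets a small but non-zero probability, and a surprise score in bits that adds up across the two features. The training events, users and hostnames are constructed; the threshold of 10 bits is an assumption.

```python
import math
from collections import Counter, defaultdict
from datetime import datetime


def baseline_events():
    """Constructed training data (invented users and hosts, not real logs):
    alice logs on from WS-ALICE during office hours; bob from WS-BOB in the
    morning and from JUMP01 late in the evening, for 20 days each."""
    events = []
    for day in range(1, 21):
        for hour in (8, 9, 12, 13, 17):
            events.append({"user": "alice", "host": "WS-ALICE",
                           "ts": f"2021-02-{day:02d}T{hour:02d}:15:00"})
        events.append({"user": "bob", "host": "WS-BOB", "ts": f"2021-02-{day:02d}T09:05:00"})
        events.append({"user": "bob", "host": "JUMP01", "ts": f"2021-02-{day:02d}T22:40:00"})
    return events


class LogonBaseline:
    """Per-user frequency model over logon hour and source host."""

    def __init__(self, alpha=0.5):
        self.alpha = alpha   # Laplace pseudo-count: unseen values keep a small probability
        self.hours = defaultdict(Counter)
        self.hosts = defaultdict(Counter)
        self.total = Counter()

    def fit(self, events):
        for e in events:
            hour = datetime.fromisoformat(e["ts"]).hour
            self.hours[e["user"]][hour] += 1
            self.hosts[e["user"]][e["host"]] += 1
            self.total[e["user"]] += 1
        return self

    def _surprise(self, user, counter, key, support):
        """-log2 of the smoothed P(key | user); rarer means more bits of surprise."""
        p = (counter[key] + self.alpha) / (self.total[user] + self.alpha * support)
        return -math.log2(p)

    def score(self, event):
        """Bits of surprise for one logon, or None for a user with no baseline."""
        user = event["user"]
        if self.total[user] == 0:
            return None
        hour = datetime.fromisoformat(event["ts"]).hour
        s_hour = self._surprise(user, self.hours[user], hour, 24)
        # support = hosts already seen for this user plus one slot for "some new host"
        s_host = self._surprise(user, self.hosts[user], event["host"], len(self.hosts[user]) + 1)
        return s_hour + s_host


def detect(model, events, threshold=10.0):
    """Return (event, score) pairs at or above threshold; unknown users are
    flagged with score None so the analyst sees them rather than losing them."""
    flagged = []
    for e in events:
        s = model.score(e)
        if s is None or s >= threshold:
            flagged.append((e, s))
    return flagged
```

With this baseline, alice at 09:10 from her own workstation scores about 2.5 bits, while alice at 03:02 from a database server she has never used scores about 15 bits; bob's late-evening jump-host logons stay low because they are part of his own history, which is the point of modelling per user rather than per fleet.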
Splunk code (SPL) useful for serious threat hunters.
Updated Mar 3, 2021
Open Source SIEM (Security Information and Event Management system).
Topics: security, security-audit, log-analysis, log, syslog, web-application, log-collector, forensics, secops, siem, log-management, risk-assessment, log-parser, vulnerability-management, risk-management, security-tools, log-monitoring, security-analysis, asset-management, security-awareness
Updated Jun 5, 2020 - Python
SIAC is an enterprise SIEM built on open-source technology.
Topics: aws, security, incident-response, elk, intrusion-detection, pci-dss, compliance, siem, osquery, fim, secdevops, wazuh
Updated Oct 31, 2018
Curated list of awesome cybersecurity companies and solutions.
Updated Apr 20, 2017
Tools to create a Native Windows Audit Collection Platform. Active Directory example provided.
Updated Nov 5, 2019 - PowerShell
Import specific data sources into the Sigma generic and open signature format.
Updated Jun 9, 2020 - Go
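Importing a data source into Sigma means turning records that are not rules (here, a list of indicators) into rule documents that any Sigma backend can compile. The following is an added example, not code from the importer listed above, that groups a constructed indicator feed by type, emits one Sigma rule per type with a deterministic id (so re-importing the same indicators updates the same rule rather than creating duplicates), and renders it as YAML with a small purpose-built emitter so it runs without a YAML library. The feed values, titles, levels and tags are assumptions; the `QueryName` and `Hashes` field names and the `dns_query`/`process_creation` log sources are Sigma's own.

```python
import uuid
from collections import defaultdict
from datetime import date

# Constructed indicator feed (invented domains and hash, not a real feed).
SAMPLE_IOCS = [
    {"type": "domain", "value": "update-check.example.net"},
    {"type": "domain", "value": "cdn.badactor.example"},
    {"type": "sha256", "value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
]

# Per indicator type: Sigma logsource, the field/modifier to match on,
# how each value is formatted, and rule metadata (assumed, not from the importer).
TYPE_PROFILES = {
    "domain": {"title": "DNS query for known-bad domain",
               "logsource": {"category": "dns_query", "product": "windows"},
               "field": "QueryName|endswith", "fmt": lambda v: v,
               "level": "medium", "tags": ["attack.command_and_control"]},
    "sha256": {"title": "Process image with known-bad SHA256",
               "logsource": {"category": "process_creation", "product": "windows"},
               "field": "Hashes|contains", "fmt": lambda v: f"SHA256={v.upper()}",
               "level": "high", "tags": ["attack.execution"]},
}


def yaml_scalar(v):
    if isinstance(v, bool):
        return "true" if v else "false"
    if isinstance(v, (int, float)):
        return str(v)
    return "'" + str(v).replace("'", "''") + "'"   # single-quoted YAML string


def to_yaml(obj, indent=0):
    """Minimal YAML emitter for the nested dict / list-of-scalars shape of a Sigma rule."""
    pad = "  " * indent
    lines = []
    if isinstance(obj, dict):
        for k, v in obj.items():
            if isinstance(v, (dict, list)) and v:
                lines.append(f"{pad}{k}:")
                lines.extend(to_yaml(v, indent + 1))
            else:
                lines.append(f"{pad}{k}: {yaml_scalar(v)}")
    else:
        for v in obj:
            lines.append(f"{pad}- {yaml_scalar(v)}")
    return lines


def build_rules(iocs, today=date(2021, 3, 1)):
    """Group indicators by type and emit one Sigma rule (as a dict) per type."""
    by_type = defaultdict(list)
    for ioc in iocs:
        if ioc["type"] in TYPE_PROFILES:        # unknown types are skipped, not guessed
            by_type[ioc["type"]].append(ioc["value"])
    rules = []
    for ioc_type, values in by_type.items():
        p = TYPE_PROFILES[ioc_type]
        values = sorted(set(values))
        # Deterministic id from title + indicator set: same input, same rule id.
        rule_id = str(uuid.uuid5(uuid.NAMESPACE_URL, p["title"] + "|" + "|".join(values)))
        rules.append({
            "title": p["title"],
            "id": rule_id,
            "status": "experimental",
            "description": f"Generated from {len(values)} indicator(s) of the constructed feed",
            "date": today.strftime("%Y/%m/%d"),
            "logsource": p["logsource"],
            "detection": {"selection": {p["field"]: [p["fmt"](v) for v in values]},
                          "condition": "selection"},
            "level": p["level"],
            "tags": p["tags"],
        })
    return rules


def render(rules):
    """Render the rules as YAML documents separated by '---'."""
    return "\n---\n".join("\n".join(to_yaml(r)) for r in rules)
```

Batching all domains into one rule with a list under `QueryName|endswith` keeps the rule count proportional to indicator types, not indicators; a feed of thousands of hashes would otherwise become thousands of rules that a backend must compile and a SIEM must schedule separately.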
A Lambda-powered Security Orchestration framework for AWS GuardDuty
Topics: aws, cloud, aws-lambda, incident-response, cybersecurity, siem, threatintel, aws-security, blueteam, cloudsecurity, soar, aws-guardduty
Updated Dec 15, 2019 - Python
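A GuardDuty-driven SOAR function receives each finding as an EventBridge event and has to decide, from the finding's severity, type and affected resource, which playbook to run. The following is an added example, not the framework's own code, of that triage logic as a Lambda handler: it banks severity into GuardDuty's documented bands, suppresses known scanners and low-severity reconnaissance, routes instance findings to snapshot/isolate/block steps and access-key findings to key deactivation, and returns the plan instead of executing it (the boto3 calls a deployment would attach to each step are omitted so the logic runs offline). The findings are constructed in the GuardDuty finding shape; the quarantine security group, scanner allow-list, identifiers and addresses are assumptions.

```python
import json

# Assumed deployment parameters (not from the framework): the quarantine
# security group the isolation step would apply, and scanner addresses the
# organisation operates itself.
QUARANTINE_SG = "sg-0123456789quarantn"
KNOWN_SCANNERS = {"203.0.113.10"}

# Finding-type prefixes treated as log-only when the severity band is LOW.
SUPPRESS_LOW = ("Recon:", "Policy:")

# Constructed findings in the EventBridge "GuardDuty Finding" event shape
# (instance and key identifiers and addresses are invented).
SAMPLE_FINDINGS = [
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"id": "f1", "type": "Backdoor:EC2/C&CActivity.B", "severity": 8.0,
                "resource": {"resourceType": "Instance",
                             "instanceDetails": {"instanceId": "i-0a1b2c3d4e5f6a7b8"}},
                "service": {"action": {"actionType": "NETWORK_CONNECTION",
                                       "networkConnectionAction": {
                                           "remoteIpDetails": {"ipAddressV4": "198.51.100.7"}}}}}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"id": "f2", "type": "UnauthorizedAccess:IAMUser/MaliciousIPCaller", "severity": 5.0,
                "resource": {"resourceType": "AccessKey",
                             "accessKeyDetails": {"accessKeyId": "AKIAEXAMPLE000000001",
                                                  "userName": "ci-deploy"}},
                "service": {"action": {"actionType": "AWS_API_CALL",
                                       "awsApiCallAction": {
                                           "remoteIpDetails": {"ipAddressV4": "198.51.100.9"}}}}}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"id": "f3", "type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2.0,
                "resource": {"resourceType": "Instance",
                             "instanceDetails": {"instanceId": "i-0fedcba9876543210"}},
                "service": {"action": {"actionType": "PORT_PROBE",
                                       "portProbeAction": {"portProbeDetails": [
                                           {"remoteIpDetails": {"ipAddressV4": "192.0.2.44"}}]}}}}},
]


def severity_band(score):
    """GuardDuty's documented bands: 7.0-8.9 high, 4.0-6.9 medium, 0.1-3.9 low."""
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW"


def remote_ip(detail):
    """Pull the remote IPv4 address out of whichever action block the finding carries."""
    action = detail.get("service", {}).get("action", {})
    for key in ("networkConnectionAction", "awsApiCallAction"):
        ip = action.get(key, {}).get("remoteIpDetails", {}).get("ipAddressV4")
        if ip:
            return ip
    probes = action.get("portProbeAction", {}).get("portProbeDetails", [])
    if probes:
        return probes[0].get("remoteIpDetails", {}).get("ipAddressV4")
    return None


def plan_response(event):
    """Map one finding to an ordered list of playbook steps (no AWS calls are made here)."""
    detail = event["detail"]
    ftype, band = detail["type"], severity_band(float(detail["severity"]))
    ip = remote_ip(detail)
    if ip in KNOWN_SCANNERS:
        return [{"action": "suppress", "finding_id": detail["id"], "reason": f"known scanner {ip}"}]
    if band == "LOW" and ftype.startswith(SUPPRESS_LOW):
        return [{"action": "log_only", "type": ftype}]
    steps = [{"action": "notify", "channel": "soc", "band": band, "type": ftype}]
    resource = detail["resource"]
    if resource["resourceType"] == "Instance":
        iid = resource["instanceDetails"]["instanceId"]
        steps.append({"action": "snapshot_volumes", "instance_id": iid})   # preserve evidence first
        if band == "HIGH":
            steps.append({"action": "isolate_instance", "instance_id": iid,
                          "security_group": QUARANTINE_SG})
        if ip:
            steps.append({"action": "block_ip", "ip": ip})
    elif resource["resourceType"] == "AccessKey":
        key = resource["accessKeyDetails"]
        steps.append({"action": "deactivate_key", "access_key_id": key["accessKeyId"],
                      "user": key.get("userName")})
        if band == "HIGH":
            steps.append({"action": "attach_deny_all", "user": key.get("userName")})
    steps.append({"action": "archive_finding", "finding_id": detail["id"]})
    return steps


def lambda_handler(event, context=None):
    """Entry point in the shape Lambda invokes; returns the plan as a JSON body."""
    if event.get("source") != "aws.guardduty":
        return {"statusCode": 400, "body": "not a GuardDuty event"}
    return {"statusCode": 200, "body": json.dumps(plan_response(event))}
```

The snapshot step is deliberately placed before isolation: moving an instance into a quarantine security group is reversible, but any volatile evidence lost to a later termination is not. Keying the known-scanner check on the remote address, rather than on finding type, keeps a real attacker who happens to trigger a reconnaissance-type finding from being suppressed.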
Repository with Sample KQL Query examples for Threat Hunting
Updated Feb 19, 2021
Expected Behavior
As a user, I may want to mute Elasticsearch deprecation warnings, because I cannot fix them immediately and want to prevent flooding logs with repeated messages.
There should be a configuration option in the config file that mutes ES deprecation warnings.
Current Behavior