Trending repositories for topic siem

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Main Sigma Rule Repository

Awesome Security lists for SOC/CERT/CTI

Free and open log management

Awesome list of keywords and artifacts for Threat Hunting sessions

Kernel-based Process Monitoring on Linux Endpoints for File System, TCP and UDP Networking Events and optionally DNS, HTTP and SYSLOG Application Messages via eBPF Subsystem

I developed a rigorous cybersecurity project portfolio on mock clients covering NIST, audits, Linux, SQL, assets, threats, vulnerabilities, detection, incident response, escalation, Wireshark, tcpdump...

pfSense/OPNsense + Elastic Stack

Kernel-based Process Monitoring on Linux Endpoints for File System, TCP and UDP Networking Events and optionally DNS, HTTP and SYSLOG Application Messages via eBPF Subsystem

I developed a rigorous cybersecurity project portfolio on mock clients covering NIST, audits, Linux, SQL, assets, threats, vulnerabilities, detection, incident response, escalation, Wireshark, tcpdump...

Awesome Security lists for SOC/CERT/CTI

Awesome list of keywords and artifacts for Threat Hunting sessions

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Main Sigma Rule Repository

pfSense/OPNsense + Elastic Stack

Free and open log management

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Main Sigma Rule Repository

Free and open log management

A collection of sources of documentation, as well as field best practices, to build/run a SOC

Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

Awesome Security lists for SOC/CERT/CTI

I developed a rigorous cybersecurity project portfolio on mock clients covering NIST, audits, Linux, SQL, assets, threats, vulnerabilities, detection, incident response, escalation, Wireshark, tcpdump...

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4

Awesome list of keywords and artifacts for Threat Hunting sessions

Kernel-based Process Monitoring on Linux Endpoints for File System, TCP and UDP Networking Events and optionally DNS, HTTP and SYSLOG Application Messages via eBPF Subsystem

Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.

pfSense/OPNsense + Elastic Stack

Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence

Pipelined Query Language

A collective list of public APIs for use in security. Contributions welcome

🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.

I developed a rigorous cybersecurity project portfolio on mock clients covering NIST, audits, Linux, SQL, assets, threats, vulnerabilities, detection, incident response, escalation, Wireshark, tcpdump...

Kernel-based Process Monitoring on Linux Endpoints for File System, TCP and UDP Networking Events and optionally DNS, HTTP and SYSLOG Application Messages via eBPF Subsystem

A collection of sources of documentation, as well as field best practices, to build/run a SOC

Awesome Security lists for SOC/CERT/CTI

Awesome list of keywords and artifacts for Threat Hunting sessions

A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence

Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.

Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

Main Sigma Rule Repository

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

Free and open log management

pfSense/OPNsense + Elastic Stack

Pipelined Query Language

A collective list of public APIs for use in security. Contributions welcome

🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Main Sigma Rule Repository

Free and open log management

A collection of sources of documentation, as well as field best practices, to build/run a SOC

Awesome Security lists for SOC/CERT/CTI

Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4

Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.

pfSense/OPNsense + Elastic Stack

Awesome list of keywords and artifacts for Threat Hunting sessions

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

I developed a rigorous cybersecurity project portfolio on mock clients covering NIST, audits, Linux, SQL, assets, threats, vulnerabilities, detection, incident response, escalation, Wireshark, tcpdump...

Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.

Kernel-based Process Monitoring on Linux Endpoints for File System, TCP and UDP Networking Events and optionally DNS, HTTP and SYSLOG Application Messages via eBPF Subsystem

Purpleteam scripts simulation & Detection - trigger events for SOC detections

Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence

A robust, and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Indu...

SIEM Tactics, Techiques, and Procedures

I developed a rigorous cybersecurity project portfolio on mock clients covering NIST, audits, Linux, SQL, assets, threats, vulnerabilities, detection, incident response, escalation, Wireshark, tcpdump...

Kernel-based Process Monitoring on Linux Endpoints for File System, TCP and UDP Networking Events and optionally DNS, HTTP and SYSLOG Application Messages via eBPF Subsystem

Awesome Security lists for SOC/CERT/CTI

A collection of awesome framework, libraries, learning tutorials, videos, webcasts, technical resources and cool stuff about Security Orchestration, Automation and Response (SOAR).

A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4

Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.

In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).

Purpleteam scripts simulation & Detection - trigger events for SOC detections

Awesome list of keywords and artifacts for Threat Hunting sessions

A collection of sources of documentation, as well as field best practices, to build/run a SOC

An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence

A list of cloud security tools and vendors.

pfSense/OPNsense + Elastic Stack

A robust, and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Indu...

Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

Main Sigma Rule Repository

Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

Pipelined Query Language

I developed a rigorous cybersecurity project portfolio on mock clients covering NIST, audits, Linux, SQL, assets, threats, vulnerabilities, detection, incident response, escalation, Wireshark, tcpdump...

Kernel-based Process Monitoring on Linux Endpoints for File System, TCP and UDP Networking Events and optionally DNS, HTTP and SYSLOG Application Messages via eBPF Subsystem

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Main Sigma Rule Repository

Pipelined Query Language

Awesome Security lists for SOC/CERT/CTI

Free and open log management

A collection of sources of documentation, as well as field best practices, to build/run a SOC

Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

Awesome list of keywords and artifacts for Threat Hunting sessions

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence

🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.

Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

pfSense/OPNsense + Elastic Stack

Fully automated host & network intrusion detection platform. Detects malware from behavioural patterns rather than signatures and enables deeper visibility than legacy tools.

SIEM Tactics, Techiques, and Procedures

A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4

Tenzir is the data pipeline engine for security teams.

Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.

A collective list of public APIs for use in security. Contributions welcome

Fully automated host & network intrusion detection platform. Detects malware from behavioural patterns rather than signatures and enables deeper visibility than legacy tools.

Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence

Awesome Security lists for SOC/CERT/CTI

Awesome list of keywords and artifacts for Threat Hunting sessions

An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.

pySigma backend for generating Grafana Loki/LogQL rules

A list of cloud security tools and vendors.

Sigma detection rules for hunting with the threathunting-keywords project

A collection of sources of documentation, as well as field best practices, to build/run a SOC

A collection of awesome framework, libraries, learning tutorials, videos, webcasts, technical resources and cool stuff about Security Orchestration, Automation and Response (SOAR).

Roota is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with standardized metadata and threat intelligence to enable automat...

Purpleteam scripts simulation & Detection - trigger events for SOC detections

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).

Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

NHSuite allows users to efficiently manage their QRadar Network Hierarchy. Utilizing the provided QRadar API, users can seamlessly export, import, and fetch domain information in a CSV format.

A collection of various SIEM rules relating to malware family groups.

Threat Detection and Visualization

Collection of scripts, files, and tips to create and maintain networks, hack, and more!

The repository contains artifacts to create and publish reports, alerts, and dashboards based on Azure AD B2C logs. These artifacts can also be used for Security Information & Event Management (SIEM) ...