siem
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Main Sigma Rule Repository
Free and open log management
Red Team's SIEM - tool for Red Teams used for tracking and alerting on Blue Team activity, as well as better usability in long-term operations.
DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
A collection of sources of documentation, as well as field best practices, to build/run a SOC
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
Awesome Security lists for SOC/CERT/CTI
A collective list of public APIs for use in security. Contributions welcome
Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
Transform Linux Audit logs for SIEM usage
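The entry above covers transforming Linux Audit (auditd) logs for SIEM use. As an added worked example (written for this page, not code from that project or any other repository listed here), the parser below shows the two things that make raw auditd output awkward for a SIEM: one event is spread over several records sharing the same `audit(seconds.millis:serial)` stamp, and auditd hex-encodes values that contain spaces, quotes or non-printable bytes (for example `proctitle`). The sample records are constructed for the example; the set of fields treated as hex-encoded is a heuristic chosen here, not an auditd-defined list.

```python
import json
import re
from collections import OrderedDict
from datetime import datetime, timezone

# Every auditd record starts with: type=TYPE msg=audit(SECONDS.MILLIS:SERIAL): key=value ...
HEADER = re.compile(
    r"^type=(?P<type>[A-Z_0-9]+) msg=audit\((?P<sec>\d+)\.(?P<frac>\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$"
)
# key=value pairs: values are 'single-quoted' (nested msg), "double-quoted", or bare tokens
KV = re.compile(r"(\w+)=('[^']*'|\"[^\"]*\"|\S*)")
# Heuristic (assumption for this example): fields that auditd emits hex-encoded
# when the value holds spaces, quotes or control bytes.
HEX_FIELDS = {"proctitle", "name", "cwd", "cmd", "comm", "exe", "key", "acct", "data", "path"}
# Fields that look like integers but must stay strings (octal mode, device numbers, arch)
NON_INT_FIELDS = {"mode", "dev", "rdev", "arch"}
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")

# Constructed sample: one multi-record SYSCALL event (serial 42) and one USER_LOGIN event (serial 43)
SAMPLE_AUDIT_LOG = """type=SYSCALL msg=audit(1700000000.123:42): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffc1e3a0b50 a2=0 a3=0 items=1 ppid=1804 pid=2201 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="cat" exe="/usr/bin/cat" key="shadow_access"
type=CWD msg=audit(1700000000.123:42): cwd="/home/alice"
type=PATH msg=audit(1700000000.123:42): item=0 name="/etc/shadow" inode=1048 dev=08:01 mode=0100640 ouid=0 ogid=42 rdev=00:00 nametype=NORMAL
type=PROCTITLE msg=audit(1700000000.123:42): proctitle=636174002F6574632F736861646F77
type=USER_LOGIN msg=audit(1700000001.500:43): pid=2300 uid=0 auid=1000 ses=4 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=10.0.0.5 addr=10.0.0.5 terminal=/dev/pts/1 res=success'
"""


def decode_value(field, raw):
    """Strip quotes, hex-decode encoded fields, and turn plain integers into ints."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    if field in HEX_FIELDS and len(raw) >= 2 and len(raw) % 2 == 0 and HEX_RE.match(raw):
        text = bytes.fromhex(raw).decode("utf-8", errors="replace")
        # auditd joins argv with NUL and multiple keys with \x01; make both readable
        return text.replace("\x00", " ").replace("\x01", ",")
    if field not in NON_INT_FIELDS and re.fullmatch(r"-?\d+", raw):
        return int(raw)
    return raw


def parse_body(body):
    """Parse the key=value part of a record; USER_* records nest a second kv list in msg='...'."""
    fields = {}
    for m in KV.finditer(body):
        key, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw.startswith("'") and raw.endswith("'"):
            fields[key] = parse_body(raw[1:-1])
        else:
            fields[key] = decode_value(key, raw)
    return fields


def parse_audit_log(text):
    """Group records by (timestamp, serial) into events; returns a list in first-seen order."""
    events = OrderedDict()
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # not an audit record: skip instead of failing the whole batch
        ev_key = (m["sec"], m["frac"], m["serial"])
        ev = events.get(ev_key)
        if ev is None:
            ts = datetime.fromtimestamp(int(m["sec"]), tz=timezone.utc)
            ev = events[ev_key] = {
                "@timestamp": ts.strftime("%Y-%m-%dT%H:%M:%S") + "." + m["frac"] + "Z",
                "serial": int(m["serial"]),
                "records": {},
            }
        fields = parse_body(m["body"])
        if m["type"] == "PATH":  # an event may carry several PATH records (item=0, item=1, ...)
            ev["records"].setdefault("PATH", []).append(fields)
        else:
            ev["records"][m["type"]] = fields
    return list(events.values())


def to_ndjson(events):
    """One JSON document per line, the shape most SIEM collectors ingest directly."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)


if __name__ == "__main__":
    print(to_ndjson(parse_audit_log(SAMPLE_AUDIT_LOG)))
```

Grouping on the `(seconds.millis, serial)` pair rather than on the serial alone matters because the serial counter restarts when auditd restarts, so two different events can share a serial across a long log. The decoded `proctitle` shows why hex decoding is needed: without it a detection rule matching `cat /etc/shadow` would never fire on the raw record.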
Tenzir is the data pipeline engine for security teams.
Pipelined Query Language
A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4