{"id":13683106,"url":"https://github.com/V1D1AN/S1EM","last_synced_at":"2025-04-30T12:33:26.268Z","repository":{"id":41401302,"uuid":"366346987","full_name":"V1D1AN/S1EM","owner":"V1D1AN","description":"This project is a SIEM with SIRP and Threat Intel, all in one.","archived":false,"fork":false,"pushed_at":"2024-01-21T13:22:55.000Z","size":11202,"stargazers_count":401,"open_issues_count":2,"forks_count":77,"subscribers_count":18,"default_branch":"master","last_synced_at":"2024-08-02T13:34:53.956Z","etag":null,"topics":["arkime","cortex","docker","elasticsearch","filebeat","kibana","logstash","malware","misp","mwdb","n8n","opencti","sigma","suricata","thehive","velociraptor","yara","zeek","zircolite"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/V1D1AN.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":"auditbeat/auditbeat-multi.yml","citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-05-11T10:45:54.000Z","updated_at":"2024-07-29T17:11:43.000Z","dependencies_parsed_at":"2024-08-02T13:37:18.013Z","dependency_job_id":null,"html_url":"https://github.com/V1D1AN/S1EM","commit_stats":null,"previous_names":[],"tags_count":28,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/V1D1AN%2FS1EM","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/V1D1AN%2FS1EM/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/V1D1AN%2FS1EM/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/V1D1AN%2FS1EM/manif
ests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/V1D1AN","download_url":"https://codeload.github.com/V1D1AN/S1EM/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224211959,"owners_count":17274347,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arkime","cortex","docker","elasticsearch","filebeat","kibana","logstash","malware","misp","mwdb","n8n","opencti","sigma","suricata","thehive","velociraptor","yara","zeek","zircolite"],"created_at":"2024-08-02T13:02:00.457Z","updated_at":"2024-11-12T03:30:23.887Z","avatar_url":"https://github.com/V1D1AN.png","language":"Shell","funding_links":["https://www.paypal.com/donate/?business=DUEQFS9Z2E9XW\u0026no_recurring=0\u0026item_name=If+this+project+help+you+reduce+time+to+develop%2C+you+can+give+me+a+cup+of+coffee+%3A%29\u0026currency_code=EUR"],"categories":["Shell"],"sub_categories":[],"readme":"![20210518_v1d1an_bg1--white](https://user-images.githubusercontent.com/18678787/119020235-49428680-b99e-11eb-8621-935a62b966e1.png)\n\u003cdiv\u003e\n  \u003cp align=\"center\"\u003e\n    \u003ca href=\"https://discord.gg/uFBzr8fWmC\" target=\"_blank\"\u003e\u003cimg src=\"https://img.shields.io/badge/chat-on%20discord-7289da.svg?sanitize=true\" alt=\"Discord\"\u003e\u003c/a\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Platform-Lin-green\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Architecture-64bit-red\"\u003e\n    \u003ca href=\"https://www.paypal.com/donate/?business=DUEQFS9Z2E9XW\u0026no_recurring=0\u0026item_name=If+this+project+help+you+reduce+time+to+develop%2C+you+can+give+me+a+cup+of+coffee+%3A%29\u0026currency_code=EUR\" target=\"_blank\"\u003e\u003cimg src=\"https://img.shields.io/badge/Donate-PayPal-green.svg\"\u003e\n  \u003c/p\u003e\n\u003c/div\u003e\n\n# Objectives\nCyber attacks are more numerous than ever and cause real damage to companies. Many software products exist to detect cyber threats; S1EM is built on the principle of bringing together the best free products in each field and making them quickly interoperable.\n\nS1EM is a SIEM with SIRP, Threat Intel and full packet capture, all in one.\n\nInside the solution:\n\n* Elasticsearch (single node or cluster)\n* Kibana\n* Filebeat\n* Logstash\n* Metricbeat\n* Heartbeat\n* Auditbeat\n* Fleet\n* N8n\n* Zircolite\n* Velociraptor\n* Spiderfoot\n* Syslog-ng\n* Elastalert\n* TheHive\n* Cortex (with Mwdb, Capa, Yara, FileInfo, AssemblyLine)\n* MISP\n* OpenCTI\n* Arkime\n* Suricata\n* Zeek\n* Mwdb\n* Traefik\n* Codimd\n* Watchtower\n* Homer\n\n![S1EM](https://user-images.githubusercontent.com/18678787/226611253-91a9f2d5-748f-4900-a3e2-0b38f22e7218.png)\n\n# Guides\n- :exclamation:[Installation Guide](https://github.com/V1D1AN/S1EM/wiki/Installation-Guide)\n- [Access Guide](https://github.com/V1D1AN/S1EM/wiki/Access-guide)\n- [Configuration Guide](https://github.com/V1D1AN/S1EM/wiki/Configuration-guide)\n- [Upgrade Guide](https://github.com/V1D1AN/S1EM/wiki/Upgrade-guide)\n- [Detection Guide](https://github.com/V1D1AN/S1EM/wiki/Detection-guide)\n- [Incident Response Guide](https://github.com/V1D1AN/S1EM/wiki/Incident-response-guide)\n- [Threat Intel Guide](https://github.com/V1D1AN/S1EM/wiki/Threat-intel-guide)\n- [Agent Guide](https://github.com/V1D1AN/S1EM/wiki/agent-guide)\n- [Architecture Guide](https://github.com/V1D1AN/S1EM/wiki/Architecture-guide)\n- [Troubleshooting Guide](https://github.com/V1D1AN/S1EM/wiki/Troubleshooting-guide)\n- [SOAR Guide](https://github.com/V1D1AN/S1EM/wiki/Soar-guide)\n- [Use Elastic EDR with S1EM](https://github.com/V1D1AN/S1EM/wiki/Edr-guide)\n- [Use T-POT with S1EM](https://github.com/V1D1AN/S1EM/wiki/Tpot-guide)\n- [Screenshots of S1EM](https://github.com/V1D1AN/S1EM/wiki/Screenshot-of-S1EM)\n\n# Try S1EM\n\nFor EVTX files, you can try S1EM (Zircolite) with [EVTX-ATTACK-SAMPLES](https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES). \u003cbr /\u003e\nFor pcap files, you can try S1EM (Suricata/Zeek/Mwdb) with [MALWARE-TRAFFIC-ANALYSIS](https://www.malware-traffic-analysis.net/index.html).\n\n# Discord\n\nThe S1EM Discord server: https://discord.gg/uFBzr8fWmC\n\n# Roadmap\n\n- [ ] Add OpenCVE\n- [ ] Complete the documentation\n- [ ] SSO\n- [ ] Interact with Lab-DFIR-SOC (https://github.com/StevenDias33/Lab-DFIR-SOC)\n- [x] Add Capa (in Cortex)\n- [x] Add Zircolite\n- [x] Add Velociraptor\n- [ ] Install S1EM with Ansible\n- [ ] Integration into Secubian (https://github.com/kidrek/secubian)\n- [ ] Integration of T-POT (https://github.com/telekom-security/tpotce)\n\n# Related projects\n\nhttps://www.elastic.co \u003cbr /\u003e\nhttps://github.com/TheHive-Project/Docker-Templates \u003cbr /\u003e\nhttps://github.com/jasonish/docker-suricata \u003cbr /\u003e\nhttps://github.com/blacktop/docker-zeek \u003cbr /\u003e\nhttps://github.com/rskntroot/arkime \u003cbr /\u003e\nhttps://github.com/coolacid/docker-misp \u003cbr /\u003e\nhttps://github.com/m0ns7er/ElasticXDR \u003cbr /\u003e\nhttps://github.com/jertel/elastalert-docker \u003cbr /\u003e\nhttps://github.com/OpenCTI-Platform/docker \u003cbr /\u003e\nhttps://github.com/CERT-Polska/mwdb-core \u003cbr /\u003e\nhttps://github.com/SigmaHQ/sigma \u003cbr /\u003e\nhttps://github.com/Yara-Rules/rules \u003cbr /\u003e\nhttps://traefik.io/ \u003cbr /\u003e\nhttps://docs.linuxserver.io/images/docker-heimdall \u003cbr /\u003e\nhttps://github.com/cisagov/Malcolm \u003cbr /\u003e\nhttps://github.com/blueimp/jQuery-File-Upload \u003cbr /\u003e\nhttps://gchq.github.io/CyberChef/ \u003cbr /\u003e\nhttps://www.syslog-ng.com/ \u003cbr /\u003e\nhttps://github.com/bastienwirtz/homer \u003cbr /\u003e\nhttps://github.com/wagga40/zircolite \u003cbr /\u003e\nhttps://github.com/weslambert \u003cbr /\u003e\nhttps://github.com/Velocidex/velociraptor \u003cbr /\u003e\n\n# Special thanks\nIn French this time. \u003cbr /\u003e\nThanks to my friends and colleagues who have inspired me all these years, who have helped me and fixed bugs.\nI am thinking of Kidrek, Juju, mlp1515, Wagga40, Xophidia, StevenDias33, Frak113, HiPizzaa, and everyone who does not necessarily have a GitHub account. \u003cbr /\u003e\nThank you :)\n\nGitHub links: \u003cbr /\u003e\nhttps://github.com/kidrek \u003cbr /\u003e\nhttps://github.com/mlp1515 \u003cbr /\u003e\nhttps://github.com/frack113 \u003cbr /\u003e\nhttps://github.com/StevenDias33 \u003cbr /\u003e\nhttps://github.com/wagga40 \u003cbr /\u003e\nhttps://github.com/xophidia \u003cbr /\u003e\n\n# Special thanks in English\nThanks to @Mcdave2k1 for your pull requests.\n\n# Donate\nIf this project helps you reduce development time, you can buy me a cup of coffee :) \u003cbr /\u003e\n\n[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/donate/?business=DUEQFS9Z2E9XW\u0026no_recurring=0\u0026item_name=If+this+project+help+you+reduce+time+to+develop%2C+you+can+give+me+a+cup+of+coffee+%3A%29\u0026currency_code=EUR)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FV1D1AN%2FS1EM","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FV1D1AN%2FS1EM","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FV1D1AN%2FS1EM/lists"}