{"id":26779454,"url":"https://github.com/nubbsterr/elk-siem-setup","last_synced_at":"2025-03-29T06:17:05.506Z","repository":{"id":285014145,"uuid":"956796557","full_name":"nubbsterr/ELK-SIEM-Setup","owner":"nubbsterr","description":"A guide for building your own SIEM using the ELK stack and other plugins. Courtesy of the internet and other sources.","archived":false,"fork":false,"pushed_at":"2025-03-28T22:31:48.000Z","size":1,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-28T23:27:40.823Z","etag":null,"topics":["cybersecurity","elasticsearch","elk","elk-stack","kibana","linux","siem"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nubbsterr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-28T21:59:43.000Z","updated_at":"2025-03-28T22:31:51.000Z","dependencies_parsed_at":"2025-03-28T23:38:16.688Z","dependency_job_id":null,"html_url":"https://github.com/nubbsterr/ELK-SIEM-Setup","commit_stats":null,"previous_names":["nubbsterr/elk-siem-setup"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nubbsterr%2FELK-SIEM-Setup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nubbsterr%2FELK-SIEM-Setup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nubbsterr%2FELK-SIEM-Setup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nubbs
terr%2FELK-SIEM-Setup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nubbsterr","download_url":"https://codeload.github.com/nubbsterr/ELK-SIEM-Setup/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246145030,"owners_count":20730495,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","elasticsearch","elk","elk-stack","kibana","linux","siem"],"created_at":"2025-03-29T06:17:05.096Z","updated_at":"2025-03-29T06:17:05.490Z","avatar_url":"https://github.com/nubbsterr.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# ELK-SIEM-Setup\nA guide for building your own SIEM using the ELK stack, and how to simulate, analyze and triage attacks. Courtesy of the internet and other sources.\n\n# Preface\n\u003cstrong\u003eBig\u003c/strong\u003e thank you to all of the lovely sources on the internet. I am not one to shy away from reading documentation, but this kind of project is virtually impossible for me given my limited knowledge of the ELK stack.\n\nAs stated above, there are many sources I consulted, all of which will be linked below for your own reading. Beyond that, what follows is a step-by-step guide to me \u003cstrong\u003ecreating my own SIEM\u003c/strong\u003e using said sources as a guide.\n\n# SIEM Features\n\u003cstrong\u003eBasic features\u003c/strong\u003e should include:\n- Log ingestion (mainly network-related logs and OS log data for initial testing; Filebeat and/or Logstash can be used for ingest)\n- Log parsing/querying (KQL handles querying in Kibana; parsing is done by Logstash)\n- Dashboards (Kibana, duh)\n- Alerts (configured inside the Kibana SIEM UI)\n\nYou may notice that I did not include retention, and that is because I do not plan to retain data for this solution. This is built for a homelab setup, not a production environment, where retention is necessary to investigate malicious behaviour after the fact.\n\n# The Setup Begins\nThis is our first step into our SIEM-building journey.\n\nI will update this once I actually get going given enough research. Stay tuned :))))\n\n# Sources\n- (will be added at the end of the project ofc)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnubbsterr%2Felk-siem-setup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnubbsterr%2Felk-siem-setup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnubbsterr%2Felk-siem-setup/lists"}
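Added example, not code from the ELK-SIEM-Setup repository above: a Python sketch of the four stages the README's feature list names (ingest, parse/query, alert; dashboards are left to Kibana) run over constructed sshd syslog lines. It stands in for what Logstash grok patterns, a KQL filter and a Kibana threshold rule would do in the real stack. The log lines, the field names, the `2025` year assumption and the "5 failures per minute from one source IP" threshold are all assumptions made for illustration.

```python
"""Toy ingest -> parse -> query -> alert loop over constructed sshd syslog lines.

Added example, not the ELK-SIEM-Setup project's own code. It mimics the
stages the README lists: Logstash-style parsing (grok-like regexes),
KQL-style querying (field == value filters) and a Kibana-style threshold
alert. The log lines below are constructed for the demo, not captured.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (RFC 5737 documentation addresses, no real hosts).
SAMPLE_LOGS = """\
Mar 28 22:01:05 lab-host sshd[1203]: Failed password for invalid user admin from 203.0.113.9 port 51234 ssh2
Mar 28 22:01:07 lab-host sshd[1203]: Failed password for invalid user admin from 203.0.113.9 port 51236 ssh2
Mar 28 22:01:09 lab-host sshd[1205]: Failed password for root from 203.0.113.9 port 51240 ssh2
Mar 28 22:01:12 lab-host sshd[1207]: Failed password for root from 203.0.113.9 port 51244 ssh2
Mar 28 22:01:15 lab-host sshd[1209]: Failed password for root from 203.0.113.9 port 51250 ssh2
Mar 28 22:02:40 lab-host sshd[1211]: Accepted publickey for alice from 198.51.100.4 port 40022 ssh2
Mar 28 22:03:01 lab-host sshd[1213]: Failed password for bob from 198.51.100.7 port 40100 ssh2
Mar 28 22:03:01 lab-host CRON[1215]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Grok-style patterns: syslog header first, then the sshd message body.
SYSLOG_RE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<program>[\w./-]+)\[(?P<pid>\d+)\]: (?P<message>.*)$"
)
SSHD_RE = re.compile(
    r"^(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src_ip>\S+) port (?P<src_port>\d+) ssh2$"
)


def parse_line(line, year=2025):
    """Turn one syslog line into a flat event dict; return None if no pattern matches.

    Classic syslog timestamps carry no year, so the caller supplies it (assumption).
    """
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["@timestamp"] = datetime.strptime(
        f"{year} {ev['month']} {ev['day']} {ev['time']}", "%Y %b %d %H:%M:%S"
    )
    if ev["program"] == "sshd":
        s = SSHD_RE.match(ev["message"])
        if s:
            ev.update(s.groupdict())
            ev["event.outcome"] = "failure" if s["outcome"] == "Failed" else "success"
    return ev


def ingest(text):
    """Ingest stage: parse every line and drop the ones no pattern matched."""
    return [ev for ev in (parse_line(l) for l in text.splitlines()) if ev]


def query(events, criteria):
    """Query stage: AND of exact field matches, e.g. {"program": "sshd", "event.outcome": "failure"}."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


def failed_login_alerts(events, threshold=5, window=timedelta(minutes=1)):
    """Alert stage: fire once per source IP that has >= threshold SSH failures inside `window`."""
    by_ip = defaultdict(list)
    for e in query(events, {"program": "sshd", "event.outcome": "failure"}):
        by_ip[e["src_ip"]].append(e["@timestamp"])
    alerts = []
    for ip, times in by_ip.items():
        times.sort()
        # Sliding window over sorted timestamps; stop at the first window that fires.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                alerts.append({"rule": "ssh_bruteforce", "src_ip": ip, "count": len(times),
                               "first": times[i], "last": times[i + threshold - 1]})
                break
    return alerts


if __name__ == "__main__":
    events = ingest(SAMPLE_LOGS)
    print(f"{len(events)} events ingested")
    for alert in failed_login_alerts(events):
        print(alert)
```

Two things this makes concrete that the feature list alone does not: the parse stage decides which fields a query can even see (the CRON line is ingested but carries no `src_ip`, so no rule can match it), and the alert stage is only as good as the window it reasons over, which is exactly the data the README chooses not to retain. In a real Logstash pipeline the same fields should be emitted under ECS names (`source.ip`, `process.name`, `event.outcome`) so that KQL queries, dashboards and the built-in detection rules in Kibana all line up on the same field names.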