Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/V1D1AN/S1EM

This project is a SIEM with SIRP and Threat Intel, all in one.
https://github.com/V1D1AN/S1EM

arkime cortex docker elasticsearch filebeat kibana logstash malware misp mwdb n8n opencti sigma suricata thehive velociraptor yara zeek zircolite

Last synced: 3 months ago
JSON representation

This project is a SIEM with SIRP and Threat Intel, all in one.

Host: GitHub
URL: https://github.com/V1D1AN/S1EM
Owner: V1D1AN
License: mit
Created: 2021-05-11T10:45:54.000Z (over 3 years ago)
Default Branch: master
Last Pushed: 2024-01-21T13:22:55.000Z (10 months ago)
Last Synced: 2024-06-19T16:06:16.787Z (5 months ago)
Topics: arkime, cortex, docker, elasticsearch, filebeat, kibana, logstash, malware, misp, mwdb, n8n, opencti, sigma, suricata, thehive, velociraptor, yara, zeek, zircolite
Language: Shell
Homepage:
Size: 10.7 MB
Stars: 393
Watchers: 18
Forks: 77
Open Issues: 2
Metadata Files:
- Readme: README.md
- Audit: auditbeat/auditbeat-multi.yml

Awesome Lists containing this project

README

        ![20210518_v1d1an_bg1--white](https://user-images.githubusercontent.com/18678787/119020235-49428680-b99e-11eb-8621-935a62b966e1.png)



  

    

    

    

    

  



# Objectives

Today, cyber attacks are more numerous and cause damage in companies. Nevertheless, many software products exist to detect cyber threats. The S1EM solution is based on the principle of bringing together the best products in their field, free of charge, and making them quickly interoperable.

S1EM is a SIEM with SIRP and Threat Intel, a full packet capture, all in one.

Inside the solution:

* Elasticsearch ( 1 node or Cluster )

* Kibana

* Filebeat

* Logstash

* Metricbeat

* Heartbeat

* Auditbeat

* Fleet

* N8n

* Zircolite

* Velociraptor

* Spiderfoot

* Syslog-ng

* Elastalert

* TheHive

* Cortex ( With Mwdb, Capa, Yara, FileInfo, AssemblyLine )

* MISP

* OpenCTI 

* Arkime

* Suricata

* Zeek

* Mwdb

* Traefik

* Codimd

* Watchtower

* Homer

![S1EM](https://user-images.githubusercontent.com/18678787/226611253-91a9f2d5-748f-4900-a3e2-0b38f22e7218.png)

# Guides

- :exclamation:[Installation Guide](https://github.com/V1D1AN/S1EM/wiki/Installation-Guide)

- [Access Guide](https://github.com/V1D1AN/S1EM/wiki/Access-guide)

- [Configuration Guide](https://github.com/V1D1AN/S1EM/wiki/Configuration-guide)

- [Upgrade guide](https://github.com/V1D1AN/S1EM/wiki/Upgrade-guide)

- [Detection Guide](https://github.com/V1D1AN/S1EM/wiki/Detection-guide)

- [Incident Response Guide](https://github.com/V1D1AN/S1EM/wiki/Incident-response-guide)

- [Threat Intel Guide](https://github.com/V1D1AN/S1EM/wiki/Threat-intel-guide)

- [Agent Guide](https://github.com/V1D1AN/S1EM/wiki/agent-guide)

- [Architecture Guide](https://github.com/V1D1AN/S1EM/wiki/Architecture-guide)

- [Troubleshooting Guide](https://github.com/V1D1AN/S1EM/wiki/Troubleshooting-guide)

- [SOAR](https://github.com/V1D1AN/S1EM/wiki/Soar-guide)

- [Use EDR Elastic with S1EM](https://github.com/V1D1AN/S1EM/wiki/Edr-guide)

- [Use TPOT with S1EM](https://github.com/V1D1AN/S1EM/wiki/Tpot-guide)

- [Screenshot of S1EM](https://github.com/V1D1AN/S1EM/wiki/Screenshot-of-S1EM)

# Try S1EM

For EVTX File, you can try S1EM (Zircolite) with [EVTX-ATTACK-SAMPLES](https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES). 


For Pcap File, you can try S1EM (Suricata/Zeek/Mwdb) with [MALWARE-TRAFFIC-ANALYSIS](https://www.malware-traffic-analysis.net/index.html).

# Discord

The serveur discord of S1EM : https://discord.gg/uFBzr8fWmC

# Roadmap

- [ ] Add OpenCVE

- [ ] The complete documentation

- [ ] SSO

- [ ] Interact with Lab-DFIR-SOC (https://github.com/StevenDias33/Lab-DFIR-SOC)

- [x] Add Capa ( In cortex )

- [x] Add Zircolite

- [x] Add Velociraptor

- [ ] Installation of S1EM with Ansible

- [ ] Integration in Secubian (https://github.com/kidrek/secubian)

- [ ] Integration of T-POT (https://github.com/telekom-security/tpotce)

# Related project

https://www.elastic.co 


https://github.com/TheHive-Project/Docker-Templates 


https://github.com/jasonish/docker-suricata 


https://github.com/blacktop/docker-zeek 


https://github.com/rskntroot/arkime 


https://github.com/coolacid/docker-misp 


https://github.com/m0ns7er/ElasticXDR


https://github.com/jertel/elastalert-docker 


https://github.com/OpenCTI-Platform/docker 


https://github.com/CERT-Polska/mwdb-core 


https://github.com/SigmaHQ/sigma 


https://github.com/Yara-Rules/rules 


https://traefik.io/ 


https://docs.linuxserver.io/images/docker-heimdall 


https://github.com/cisagov/Malcolm 


https://github.com/blueimp/jQuery-File-Upload 


https://gchq.github.io/CyberChef/ 


https://www.syslog-ng.com/ 


https://github.com/bastienwirtz/homer 


https://github.com/wagga40/zircolite 


https://github.com/weslambert 


https://github.com/Velocidex/velociraptor 
 

# Special thanks

En français cette fois. 


Merci à mes amis et collègues qui m´ont inspiré toutes ces années, qui m´ont aidé, et corrigé des bugs.

Je pense à Kidrek, Juju, mlp1515, Wagga40, Xophidia, StevenDias33, Frak113, HiPizzaa,et tous ceux qui n´ont pas forcement de compte github. 


Merci à vous :)

Liens github: 


https://github.com/kidrek 


https://github.com/mlp1515 


https://github.com/frack113 


https://github.com/StevenDias33 


https://github.com/wagga40 


https://github.com/xophidia 


# Special thanks in english

Thanks to @Mcdave2k1 for your pull requests

# Donate

If this project help you reduce time to develop, you can give me a cup of coffee :) 


[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/donate/?business=DUEQFS9Z2E9XW&no_recurring=0&item_name=If+this+project+help+you+reduce+time+to+develop%2C+you+can+give+me+a+cup+of+coffee+%3A%29&currency_code=EUR)