Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/V1D1AN/S1EM
This project is a SIEM with SIRP and Threat Intel, all in one.
https://github.com/V1D1AN/S1EM
arkime cortex docker elasticsearch filebeat kibana logstash malware misp mwdb n8n opencti sigma suricata thehive velociraptor yara zeek zircolite
Last synced: about 1 month ago
JSON representation
This project is a SIEM with SIRP and Threat Intel, all in one.
- Host: GitHub
- URL: https://github.com/V1D1AN/S1EM
- Owner: V1D1AN
- License: mit
- Created: 2021-05-11T10:45:54.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2024-01-21T13:22:55.000Z (11 months ago)
- Last Synced: 2024-08-02T13:34:53.956Z (5 months ago)
- Topics: arkime, cortex, docker, elasticsearch, filebeat, kibana, logstash, malware, misp, mwdb, n8n, opencti, sigma, suricata, thehive, velociraptor, yara, zeek, zircolite
- Language: Shell
- Homepage:
- Size: 10.7 MB
- Stars: 401
- Watchers: 18
- Forks: 77
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- Audit: auditbeat/auditbeat-multi.yml
Awesome Lists containing this project
README
![20210518_v1d1an_bg1--white](https://user-images.githubusercontent.com/18678787/119020235-49428680-b99e-11eb-8621-935a62b966e1.png)
# Objectives
Today, cyber attacks are more numerous and cause damage in companies. Nevertheless, many software products exist to detect cyber threats. The S1EM solution is based on the principle of bringing together the best products in their field, free of charge, and making them quickly interoperable.S1EM is a SIEM with SIRP and Threat Intel, a full packet capture, all in one.
Inside the solution:
* Elasticsearch ( 1 node or Cluster )
* Kibana
* Filebeat
* Logstash
* Metricbeat
* Heartbeat
* Auditbeat
* Fleet
* N8n
* Zircolite
* Velociraptor
* Spiderfoot
* Syslog-ng
* Elastalert
* TheHive
* Cortex ( With Mwdb, Capa, Yara, FileInfo, AssemblyLine )
* MISP
* OpenCTI
* Arkime
* Suricata
* Zeek
* Mwdb
* Traefik
* Codimd
* Watchtower
* Homer![S1EM](https://user-images.githubusercontent.com/18678787/226611253-91a9f2d5-748f-4900-a3e2-0b38f22e7218.png)
# Guides
- :exclamation:[Installation Guide](https://github.com/V1D1AN/S1EM/wiki/Installation-Guide)
- [Access Guide](https://github.com/V1D1AN/S1EM/wiki/Access-guide)
- [Configuration Guide](https://github.com/V1D1AN/S1EM/wiki/Configuration-guide)
- [Upgrade guide](https://github.com/V1D1AN/S1EM/wiki/Upgrade-guide)
- [Detection Guide](https://github.com/V1D1AN/S1EM/wiki/Detection-guide)
- [Incident Response Guide](https://github.com/V1D1AN/S1EM/wiki/Incident-response-guide)
- [Threat Intel Guide](https://github.com/V1D1AN/S1EM/wiki/Threat-intel-guide)
- [Agent Guide](https://github.com/V1D1AN/S1EM/wiki/agent-guide)
- [Architecture Guide](https://github.com/V1D1AN/S1EM/wiki/Architecture-guide)
- [Troubleshooting Guide](https://github.com/V1D1AN/S1EM/wiki/Troubleshooting-guide)
- [SOAR](https://github.com/V1D1AN/S1EM/wiki/Soar-guide)
- [Use EDR Elastic with S1EM](https://github.com/V1D1AN/S1EM/wiki/Edr-guide)
- [Use TPOT with S1EM](https://github.com/V1D1AN/S1EM/wiki/Tpot-guide)
- [Screenshot of S1EM](https://github.com/V1D1AN/S1EM/wiki/Screenshot-of-S1EM)# Try S1EM
For EVTX File, you can try S1EM (Zircolite) with [EVTX-ATTACK-SAMPLES](https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES).
For Pcap File, you can try S1EM (Suricata/Zeek/Mwdb) with [MALWARE-TRAFFIC-ANALYSIS](https://www.malware-traffic-analysis.net/index.html).# Discord
The serveur discord of S1EM : https://discord.gg/uFBzr8fWmC
# Roadmap
- [ ] Add OpenCVE
- [ ] The complete documentation
- [ ] SSO
- [ ] Interact with Lab-DFIR-SOC (https://github.com/StevenDias33/Lab-DFIR-SOC)
- [x] Add Capa ( In cortex )
- [x] Add Zircolite
- [x] Add Velociraptor
- [ ] Installation of S1EM with Ansible
- [ ] Integration in Secubian (https://github.com/kidrek/secubian)
- [ ] Integration of T-POT (https://github.com/telekom-security/tpotce)# Related project
https://www.elastic.co
https://github.com/TheHive-Project/Docker-Templates
https://github.com/jasonish/docker-suricata
https://github.com/blacktop/docker-zeek
https://github.com/rskntroot/arkime
https://github.com/coolacid/docker-misp
https://github.com/m0ns7er/ElasticXDR
https://github.com/jertel/elastalert-docker
https://github.com/OpenCTI-Platform/docker
https://github.com/CERT-Polska/mwdb-core
https://github.com/SigmaHQ/sigma
https://github.com/Yara-Rules/rules
https://traefik.io/
https://docs.linuxserver.io/images/docker-heimdall
https://github.com/cisagov/Malcolm
https://github.com/blueimp/jQuery-File-Upload
https://gchq.github.io/CyberChef/
https://www.syslog-ng.com/
https://github.com/bastienwirtz/homer
https://github.com/wagga40/zircolite
https://github.com/weslambert
https://github.com/Velocidex/velociraptor
# Special thanks
En français cette fois.
Merci à mes amis et collègues qui m´ont inspiré toutes ces années, qui m´ont aidé, et corrigé des bugs.
Je pense à Kidrek, Juju, mlp1515, Wagga40, Xophidia, StevenDias33, Frak113, HiPizzaa,et tous ceux qui n´ont pas forcement de compte github.
Merci à vous :)Liens github:
https://github.com/kidrek
https://github.com/mlp1515
https://github.com/frack113
https://github.com/StevenDias33
https://github.com/wagga40
https://github.com/xophidia# Special thanks in english
Thanks to @Mcdave2k1 for your pull requests# Donate
If this project help you reduce time to develop, you can give me a cup of coffee :)[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/donate/?business=DUEQFS9Z2E9XW&no_recurring=0&item_name=If+this+project+help+you+reduce+time+to+develop%2C+you+can+give+me+a+cup+of+coffee+%3A%29¤cy_code=EUR)