Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/dogoncouch/LogESP
Open Source SIEM (Security Information and Event Management system).
asset-management forensics log log-analysis log-collector log-management log-monitoring log-parser risk-assessment risk-management secops security security-analysis security-audit security-awareness security-tools siem syslog vulnerability-management web-application
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/dogoncouch/LogESP
- Owner: dogoncouch
- License: mit
- Created: 2018-01-12T23:40:50.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2023-08-24T20:13:12.000Z (about 1 year ago)
- Last Synced: 2024-04-15T00:48:57.820Z (7 months ago)
- Topics: asset-management, forensics, log, log-analysis, log-collector, log-management, log-monitoring, log-parser, risk-assessment, risk-management, secops, security, security-analysis, security-audit, security-awareness, security-tools, siem, syslog, vulnerability-management, web-application
- Language: Python
- Homepage:
- Size: 2.34 MB
- Stars: 183
- Watchers: 16
- Forks: 65
- Open Issues: 4
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: docs/CONTRIBUTING.md
- License: LICENSE
- Code of conduct: docs/CODE_OF_CONDUCT.md
Awesome Lists containing this project
- awesome-hacking-lists - dogoncouch/LogESP - Open Source SIEM (Security Information and Event Management system). (Python)
README
# LogESP
LogESP (c) 2018 Dan Persons | [MIT License](LICENSE)
## Index
- [Introduction](#introduction)
- [Installing on Ubuntu](docs/install-ubuntu.md)
- [Screenshots](docs/screenshots.md)
### Asset Management Documentation
- [Asset Management](docs/hwam.md)
### Risk Management Documentation
- [Adversarial Threats](docs/risk/adv_threat.md)
- [Adversarial Threat Events](docs/risk/adv_threat.md#adversarial-threat-events)
- [Adversarial Threat Sources](docs/risk/adv_threat.md#adversarial-threat-sources)
- [Vulnerabilities](docs/risk/adv_threat.md#vulnerabilities)
- [Responses](docs/risk/adv_threat.md#responses)
- [Impacts](docs/risk/adv_threat.md#impacts)
- [Non-Adversarial Threats](docs/risk/nonadv_threat.md)
- [Non-Adversarial Threat Events](docs/risk/nonadv_threat.md#non-adversarial-threat-events)
- [Non-Adversarial Threat Sources](docs/risk/nonadv_threat.md#non-adversarial-threat-sources)
- [Risk Conditions](docs/risk/nonadv_threat.md#risk-conditions)
- [Responses](docs/risk/nonadv_threat.md#responses)
- [Impacts](docs/risk/nonadv_threat.md#impacts)
### SIEM Documentation
- [Parsing](docs/siem/parsing.md)
- [Parse Daemon](docs/siem/parsing.md/#parse-daemon)
- [Event Parsing](docs/siem/parsing.md/#event-parsing)
- [Parsers](docs/siem/parsing.md/#parsers)
- [Parse Helpers](docs/siem/parsing.md/#parse-helpers)
- [Configuration](docs/siem/parsing.md/#configuration)
- [Rules](docs/siem/rules.md)
- [Sentry Daemon](docs/siem/rules.md/#sentry-daemon)
- [Limit Rules](docs/siem/rules.md/#limit-rules)
- [Rule vs. Log Events](docs/siem/rules.md/#rule-vs-log-events)
- [Filters](docs/siem/rules.md/#filters)
- [Match Lists](docs/siem/rules.md/#match-lists)
- [Reverse Matching](docs/siem/rules.md/#reverse-matching)
- [Magnitude Calculation](docs/siem/rules.md/#magnitude-calculation)
- [Events](docs/siem/events.md)
- [Anatomy of a Log Event](docs/siem/events.md/#anatomy-of-a-log-event)
- [Anatomy of a Rule Event](docs/siem/events.md/#anatomy-of-a-rule-event)
- [Daemons](docs/siem/daemons.md)
- [Regex Tips](docs/siem/regex.md)

## Introduction
LogESP is a SIEM (Security Information and Event Management system) written in Python Django. It features a web frontend, and handles log management and forensics, risk management, and asset management.

### Design Principles
#### Security
LogESP was designed and built as a security application, and minimalism can be good for security.
- LogESP is built on the Python Django framework.
- LogESP does not require credentials, or installation of its software, on log sources. Event forwarding is left entirely up to syslog daemons.
- The LogESP web interface uses no client-side scripting.

#### [NIST](https://www.nist.gov/) guidelines
The LogESP risk management system is based on NIST [risk assessment](https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final) guidelines, and the SIEM and forensics apps are designed to support the NIST [incident response](https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final) and [forensics](https://csrc.nist.gov/publications/detail/sp/800-86/final) guidelines.

#### Simplicity
LogESP embraces the Unix design philosophy. It is designed to be as simple as possible, in order to be easy to understand, use, maintain, and extend.

### Applications
LogESP includes a few different applications:
- SIEM - Security Information and Event Management
- Assets - Asset Management
- Risk - Risk Management