Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/snowkluster/seim

A Custom SIEM platform for log monitoring and threat detection.

README


SEIM

![GitHub repo size](https://img.shields.io/github/repo-size/snowkluster/SEIM) [![MIT License](https://img.shields.io/badge/License-MIT-green.svg)](https://choosealicense.com/licenses/mit/)

SEIM is a custom log monitoring and analysis solution built with Docker. It visualizes data from multiple sources and generates PDF reports that can be shared. It is based on my research on SIEM platforms such as Wazuh and Splunk. It can also connect to different AI models to detect threats in real time. SEIM can be used to detect DDoS and DoS attacks on a site and provide an incident report of the attack.

#### Note
This repository only contains the architecture and the analysis code for the platform, not the code related to the AI model. The model and its functionality are exposed through an API endpoint.
The `best_model.pkl` file, the model used for detection, is not included in this git repository, but it can be downloaded from this [Drive link](https://drive.google.com/file/d/1eFBOXEAs12yjRCZgUEii3ris66njeQpt/view?usp=sharing).

## Model
The model used for detection can be downloaded [here](https://drive.google.com/file/d/1eFBOXEAs12yjRCZgUEii3ris66njeQpt/view?usp=sharing) and should be placed in the [guard](guard) directory.

## Deployment

To deploy this project, run:

```bash
bash setup.sh
```
OR

```sh
# make the script executable (lowercase x; +X only applies to directories or files that already have an execute bit)
chmod +x setup.sh
./setup.sh
```

## Usage/Examples

After running the start-up script, visit [`localhost`](http://localhost) to view the demo site, and [`admin.localhost`](http://admin.localhost) to access the admin panel, which shows live analytics and alerts about attacks happening on the demo site.

To stop the project, run the setup script with the `stop` argument: `./setup.sh stop`

:small_blue_diamond: Docker Compose Overview

(diagram: compose.yml)

:small_blue_diamond: User Data Workflow

(diagram: workflow)

## Authors

- [@snowkluster](https://github.com/snowkluster)