S1EM

S1EM is a SIEM with SIRP and Threat Intel, a full packet capture, all in one.

Today, cyber attacks are more numerous and cause damage in companies. Nevertheless, many software products exist to detect cyber threats. The S1EM solution is based on the principle of bringing together the best products in their field, free of charge, and making them quickly interoperable.

Inside the solution:

  • Cluster Elasticsearch
  • Kibana
  • Filebeat
  • Logstash
  • Metricbeat
  • Heartbeat
  • Auditbeat
  • Syslog-ng
  • Elastalert
  • TheHive
  • Cortex
  • MISP
  • OpenCTI
  • Arkime
  • Suricata
  • Zeek
  • StoQ
  • Mwdb
  • Heimdall
  • Traefik
  • Clamav
  • Watchtower

Note: Cortex v3.1 use ELK connector and the OpenCTI v4 connector

Guides

Roadmap

  • : Change docker Postgres and Mysql for multi databases
  • : Add Spiderfoot
  • : Add SOAR shuffle
  • : Add OpenCVE
  • : Add Codimd
  • : Suppress heimdall for Homer
  • : The complete documentation
  • : Upgrade to elastalert2
  • : SSO
  • : Interact with Lab-DFIR-SOC
  • : Add Capa


Share this post




About

Welcome to Cyber-Security.tk my personal blog to share my knowledge
Cyber Security, Ethical Hacking, Web & Network Auditing, Reverse Engineering and Cryptography
This website don't use analytics tracking and is ads-free. JavaScript is enabled .


Contact

Contact Form : Connect with Us

    Ricochet : ricochet:3ka6l4q255cakeirgxupsl5i4lw3qpk5gmngtv5amax64hckuovgozyd


2023 © 0x1 | Cyber Security Consulting - Copyright All Rights Reserved