S1EM - This Project Is A SIEM With SIRP And Threat Intel, All In One
2022-3-19 04:30:00 Author: www.kitploit.com (view original) Views: 156

Today, cyber attacks are more numerous and cause real damage to companies. Nevertheless, many software products exist to detect cyber threats. The S1EM solution is built on the principle of bringing together the best free products in each of these fields and making them interoperable quickly.

S1EM is a SIEM with SIRP and Threat Intel, a full packet capture, all in one.

Inside the solution:

  • Cluster Elasticsearch
  • Kibana
  • Filebeat
  • Logstash
  • Metricbeat
  • Heartbeat
  • Auditbeat
  • Syslog-ng
  • Elastalert
  • TheHive
  • Cortex
  • MISP
  • OpenCTI
  • Arkime
  • Suricata
  • Zeek
  • StoQ
  • Mwdb
  • Heimdall
  • Traefik
  • Clamav
  • Watchtower

Note: Cortex v3.1 uses the ELK connector and the OpenCTI v4 connector.

Roadmap:

  • Upgrade to ELK 8.0
  • Change the Docker Postgres and MySQL setup to multi-database instances
  • Add Spiderfoot
  • Add a SOAR (n8n or Shuffle)
  • Add OpenCVE
  • Replace Heimdall with Organizr
  • Complete documentation
  • Upgrade to ElastAlert 2
  • SSO
  • Interact with Lab-DFIR-SOC (https://github.com/StevenDias33/Lab-DFIR-SOC)
  • Add Capa

Upstream projects and resources:
https://www.elastic.co
https://github.com/TheHive-Project/Docker-Templates
https://github.com/jasonish/docker-suricata
https://github.com/blacktop/docker-zeek
https://github.com/rskntroot/arkime
https://github.com/coolacid/docker-misp
https://github.com/watsoninfosec/ElasticXDR
https://github.com/PUNCH-Cyber/stoq
https://github.com/jertel/elastalert-docker
https://github.com/OpenCTI-Platform/docker
https://github.com/CERT-Polska/mwdb-core
https://github.com/SigmaHQ/sigma
https://github.com/Yara-Rules/rules
https://traefik.io/
https://docs.linuxserver.io/images/docker-heimdall
https://github.com/cisagov/Malcolm
https://github.com/blueimp/jQuery-File-Upload
https://gchq.github.io/CyberChef/
https://www.clamav.net/
https://www.syslog-ng.com/

In French this time.
Thanks to my friends and colleagues who have inspired me all these years, who helped me and fixed bugs. I am thinking of Kidrek, Juju, mlp1515, Wagga40, Xophidia, StevenDias33, Frak113, HiPizzaa, and all those who do not necessarily have a GitHub account.
Thank you :)

GitHub links:
https://github.com/kidrek
https://github.com/mlp1515
https://github.com/frack113
https://github.com/StevenDias33
https://github.com/wagga40
https://github.com/xophidia

Source: http://www.kitploit.com/2022/03/s1em-this-project-is-siem-with-sirp-and.html