Today, cyber attacks are more numerous and cause more damage to companies. Nevertheless, many software products exist to detect cyber threats. The S1EM solution is based on the principle of bringing together the best free products in their field and making them quickly interoperable.
S1EM is a SIEM with SIRP, Threat Intel and full packet capture, all in one.
Inside the solution:
- Elasticsearch
- Kibana
- Filebeat
- Logstash
- Metricbeat
- Auditbeat
- Elastalert
- TheHive
- Cortex
- MISP
- OpenCTI
- Arkime
- Suricata 6
- Zeek 3
- FleetDm
- StoQ
- Heimdall
- Traefik
Note: Cortex v3.1 uses the ELK connector and the OpenCTI v4 connector.
- Installation Guide
- Upgrade guide
- Configuration Guide
- Access Guide
- Detection Guide
- Incident Response Guide
- Threat Intel Guide
- Agent Guide
- Architecture Guide
- Troubleshooting Guide
- Screenshot of S1EM
- Integrate heimdall
- The complete documentation
- Add Cyberchef
- Upgrade to elastalert2
- Upgrade to suricata 6
- Upgrade to zeek 4
- Upload SigmaHQ rules automatically into kibana
- Update Suricata rules automatically
- Update Yara rules automatically
- Elasticsearch multi-nodes with ssl
- Change StoQ to File-monitor (ClamAV, CAPA, Yara)
- Extract file with Zeek
- Integrate Arkime
- SSO
- Integrate ATT&CK Navigator
- Integration of OpenCVE
- Integrate Pfelk
- Interact with Lab-DFIR-SOC (https://github.com/StevenDias33/Lab-DFIR-SOC)
- Upgrade to ELK 7.13.0
In French this time.
Thanks to my friends and colleagues who have inspired me all these years, who have helped me, and who have fixed bugs.
I am thinking of Kidrek, Juju, mlp1515, Wagga40, Xophidia, StevenDias33, Frak113, and all those who do not necessarily have a GitHub account.
Thank you :)
GitHub links:
https://github.com/kidrek
https://github.com/mlp1515
https://github.com/frack113
https://github.com/StevenDias33
https://github.com/wagga40
https://github.com/xophidia