SIEMELK is a customizable and scalable security monitoring software solution that is accessible to small, medium and enterprise organizations.
SIEMELK is built on the best open-source tools, with extra functionality, integration stability and correlation that enriches the data held in the SIEM.
SIEMELK IS NOT AN OPEN-SOURCE PLATFORM
✔️ OpenSearch (in place of Elasticsearch) + Kibana + Logstash + Filebeat
✔️ Host and network threat hunting (Sysmon + Wazuh)
✔️ Embedded IDPS service
✔️ NetFlow support
✔️ Alerting
✔️ Reporting
✔️ Anomaly detection
✔️ Cyber threat intelligence
✔️ Incident response integration
✔️ Observables analyzer
✔️ Network scanning module (Web-map)
✔️ Cluster management
✔️ SOAR operations
✔️ The SIEM module supports:
- Fortinet (Fortigate, Fortiweb)
- Sophos (Sophos, Cyberoam)
- Cisco (Routers, Switches, ASA, FTD, FMC)
- Linux (security events, FIM)
- Windows (Sysmon, Security events)
- NetFlow
- Suricata (IDSTower + 1 year free license)
- Host security analysis - Wazuh
- Login brute-force attack detection
- MITRE ATT&CK tactics and techniques
- Port security, ARP inspection, DHCP snooping
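As an added illustration of what "login brute-force attack detection" over Linux security events means in practice (this is example code written for this page, not SIEMELK's own rules or code), the block below counts failed sshd logins per source IP in a sliding time window and, separately, flags a successful login from a source that still has recent failures, which is the event a SOC actually needs to triage. The sshd lines are constructed sample input; the threshold, window length, assumed year and the `T1110.001` (Password Guessing) tag are assumptions chosen for the example. The second attacker in the sample spaces its attempts eleven minutes apart, which shows why the window length is the tuning knob that matters.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd events in classic syslog format (no year). Not real data.
# 203.0.113.5 bursts five failures in eight seconds and then succeeds as root.
# 198.51.100.9 spaces its failures eleven minutes apart (low-and-slow).
SAMPLE_LOG = """\
Mar 10 08:00:01 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar 10 08:00:03 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Mar 10 08:00:05 host1 sshd[2103]: Failed password for root from 203.0.113.5 port 51238 ssh2
Mar 10 08:00:07 host1 sshd[2105]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar 10 08:00:09 host1 sshd[2107]: Failed password for root from 203.0.113.5 port 51242 ssh2
Mar 10 08:00:12 host1 sshd[2109]: Accepted password for root from 203.0.113.5 port 51244 ssh2
Mar 10 08:01:00 host1 sshd[2201]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Mar 10 08:12:00 host1 sshd[2202]: Failed password for alice from 198.51.100.9 port 40002 ssh2
Mar 10 08:23:00 host1 sshd[2203]: Failed password for alice from 198.51.100.9 port 40003 ssh2
Mar 10 08:34:00 host1 sshd[2204]: Failed password for alice from 198.51.100.9 port 40004 ssh2
Mar 10 08:45:00 host1 sshd[2205]: Failed password for alice from 198.51.100.9 port 40005 ssh2
Mar 10 08:45:30 host1 sshd[2206]: Accepted publickey for bob from 192.0.2.20 port 50000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def parse_event(line, year=2024):
    """Parse one sshd auth line into a dict, or None for lines this example does not model.
    The syslog timestamp carries no year, so one is assumed (year=2024)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "outcome": m["outcome"],
            "user": m["user"], "src": m["src"]}


def detect_bruteforce(lines, threshold=5, window_s=60):
    """Return alerts for (a) at least `threshold` failed logins from one source IP
    inside `window_s` seconds and (b) an accepted login from a source that still has
    failures inside the window. Each condition fires once per source."""
    recent = defaultdict(deque)   # src -> timestamps of failures inside the window
    fired = set()
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        q = recent[ev["src"]]
        # Drop failures that fell out of the sliding window before deciding anything.
        while q and (ev["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and (ev["src"], "brute_force") not in fired:
                fired.add((ev["src"], "brute_force"))
                alerts.append({"type": "brute_force", "src": ev["src"], "host": ev["host"],
                               "failures": len(q), "window_s": window_s,
                               "technique": "T1110.001",   # ATT&CK Password Guessing (assumed tag)
                               "ts": ev["ts"].isoformat()})
        elif q and (ev["src"], "success_after_failures") not in fired:
            # A success right after a burst of failures is the event worth paging on.
            fired.add((ev["src"], "success_after_failures"))
            alerts.append({"type": "success_after_failures", "src": ev["src"],
                           "host": ev["host"], "user": ev["user"], "prior_failures": len(q),
                           "technique": "T1110.001", "ts": ev["ts"].isoformat()})
    return alerts


def run_sample(threshold=5, window_s=60):
    """Run the detector over the constructed sample log with the given tuning."""
    return detect_bruteforce(SAMPLE_LOG.splitlines(), threshold, window_s)


if __name__ == "__main__":
    for w in (60, 3600):
        print(f"window={w}s")
        for alert in run_sample(window_s=w):
            print("  ", alert)
```

With the 60-second window only the fast attacker (203.0.113.5) is reported, first for the burst and then for the successful root login that followed it; the slow attacker (198.51.100.9) never accumulates five failures in any window. Widening the window to an hour catches the slow one too, at the cost of more noise from legitimate users who mistype passwords; a per-user counter alongside the per-source one is the usual next step, since spraying one password across many accounts from many sources defeats a per-source rule entirely.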
The minimum requirements to deploy the stack:
- 32 GB of RAM + 4 GB extra (Linux and services)
- 16 CPU cores is good to go.
Your stack resources depend on many factors, such as:
- How many hosts do you want to monitor?
- How many endpoints do you have?
- How many EPS (events per second) should the SIEM handle?
This table will help you decide:
RAM | CPU cores | Disk | EPS | Total RAM (stack + OS/services) | Edition |
---|---|---|---|---|---|
32 GB | 12 | 1 TB | 3K-5K | 40 GB | Free |
48 GB | 16 | 2 TB | 5K-10K | 56 GB | Paid |
64 GB | 24 | 2 TB+ | 10K+ | 72 GB | Paid |
SIEMELK is free to download and use, but if you need 100% of SIEMELK's power for your SOC, consider the table below (the per-cell availability marks did not survive in this copy of the page and are shown as ?):
Feature/Edition | Free | Enterprise |
---|---|---|
Platform | VM | VM |
Endpoints | 1-200 | Up to 1K |
EPS | 5K | Up to 100K |
Base SIEM | ? | ? |
Reports | ? | ? |
Host Intrusion Detection | ? | ? |
Cluster Management | ? | ? |
Anomaly Detection | ? | ? |
Alerting | ? | ? |
Network Scanning Module | ? | ? |
Network Intrusion Detection | ? | ? |
Upgradeable | ? | ? |
Kubernetes Scalable | ? | ? |
Threat Intelligence | ? | ? |
Incident Response | ? | ? |
SOAR | ? | ? |
Observables Analyzer | ? | ? |
✔️ To get the full functionality of SIEMELK
✔️ To get technical support
✔️ To get the latest updates and special pricing
✔️ We provide network architecture design and consulting for both IT and OT (SCADA) networks.
✔️ We can help you build your SOC (Security Operations Center) based on the latest methods available.
Download the OVA template and deploy it to your VMware infrastructure.
Release | Size | Package |
---|---|---|
SIEMELK-v1.0 | 36 GB | ova |
Part-01 | 4 GB | |
Part-02 | 4 GB | |
Part-03 | 4 GB | |
Part-04 | 4 GB | |
Part-05 | 4 GB | |
Part-06 | 4 GB | |
Part-07 | 4 GB | |
Part-08 | 4 GB | |
Part-09 | 4 GB | |
- Add the ability to upload your configuration files from the web UI
- Add the ability to add replicas to your Elasticsearch cluster from the web UI
- Add message queuing (Kafka)
- Add support for K8s (Kubernetes)
If you find a bug or have an improvement for SIEMELK, please file an issue.