Found 16,575 repositories (showing 30)
wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
SigmaHQ
Main Sigma Rule Repository
Graylog2
Free and open log management
Azure
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
pawelgrzybek
Siema - Lightweight and simple carousel in pure JavaScript
outflanknl
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
mikeroyal
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
mozilla
DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
sherifabdlnaby
Elastic Stack (ELK) v9+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.
VictoriaMetrics
Fast and easy to use database for logs, which can efficiently handle terabytes of logs
cyb3rxp
A curated knowledge base to build, run and mature a SOC (including CSIRT).
matanolabs
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
mthcht
Awesome Security lists for SOC/CERT/CTI
tirrenotechnologies
tirreno is an open-source security framework. Event tracking, threat detection, and risk scoring for any application.
pfelk
pfSense/OPNsense + Elastic Stack
edoardogerosa
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
mikeroyal
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
jaegeral
A collective list of public APIs for use in security. Contributions welcome
nsacyber
Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
threathunters-io
Transform Linux Audit logs for SIEM usage
FalconForceTeam
FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool.
tenzir
Tenzir is the data pipeline engine for security teams.
FunnyWolf
Agentic SOC Platform: A powerful, flexible, open-source, and agent-centric automated security operations platform
TonyPhipps
SIEM Tactics, Techniques, and Procedures
runreveal
Pipelined Query Language
aws-samples
A solution for collecting, correlating and visualizing multiple types of logs to help investigate security incidents.
mthcht
Awesome list of keywords and artifacts for Threat Hunting sessions
iknowjason
A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4
mdecrevoisier
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases.
utmstack
Enterprise-ready SIEM, SOAR and Compliance powered by real-time correlation and threat intelligence.