🐳 Elastic Stack (ELK) v9+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.

Production-ready Dockerized SIEM/SOC stack with hot/warm tiering — OpenSearch, Logstash, Grafana, Wazuh, Prometheus, InfluxDB, Syslog-ng

Free, open-source SIEM/SOAR stack using Ansible and Docker Compose.

A customizable, containerized Wazuh SIEM stack built for homelab environments. This project leverages Docker Compose to deploy Wazuh components (Manager, Indexer, Dashboard) alongside essential tools for threat detection, incident response, and security monitoring in a self-hosted, lightweight setup.

Build a basic SIEM using docker compose, Elastic stack, Nginx web proxy and Any test web application of choice.

O-SIEM Stack: OpenSearch Security Information and Event Management A complete SIEM solution using Docker Compose with OpenSearch, OpenSearch Dashboards, Logstash, Filebeat, Fluent Bit, and Syslog-ng for centralized log collection, processing, and analysis with real-time security monitoring capabilities.

A FastAPI & React full-stack SOC dashboard for real-time threat detection. Built with PostgreSQL and Docker, it features a SIEM agent monitoring logs, network traffic, and processes. This enterprise-grade pipeline ingests and analyzes live security events to visualize suspicious activity instantly. Efficient, async, and scalable.

Wazuh SIEM + N8N SOAR + TheHive + Cortex + MISP - Complete Security Stack on Docker

Elastic stack with docker. Open source SIEM

Lab pratico per la configurazione di un SIEM usando Elasticsearch, Filebeat e Kibana con Docker.

SIEM using ELK stack with Wazuh in Docker

Mini SIEM built with ELK Stack and Docker.

A beginner-friendly Mini-SIEM using ELK Stack and Docker

ELK Stack SIEM Lab - Docker-based security monitoring practice environment

A Docker Compose stack for automatically setting up a web & SIEM service

ELK Stack based SIEM with AI-driven anomaly detection using Python and Docker

Wazuh SIEM stack (Docker), Linux log ingestion, Python brute-force simulation, alert triage and rule IDs documented.

A lightweight SIEM solution using the ELK stack, Docker, Winlogbeat and Sysmon for efficient log collection and analysis.

Built a basic SIEM using Docker Compose and the Elastic Stack, Nginx web proxy, and a test web application

A Mini-SIEM using ELK Stack and Docker for centralized log collection and real-time monitoring of security events. Automated deployment via Docker Compose.

SOC Stack v2 — Wazuh SIEM + Keycloak SSO + TheHive + Cortex + MISP + n8n | Docker Compose deployment with domain-ssl and ip-ssl modes

Mini SOC lab: Wazuh SIEM + Suricata IDS + Elastic Stack in Docker. Detects SSH brute-force & port scans with automated alerts and Kibana dashboard.

Automated PowerShell script to deploy a Wazuh SIEM stack on Windows using Docker. Includes automatic SSL certificate generation and WSL2/Hyper-V memory limit fixes.

🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.

A learning project demonstrating a mini SIEM system with log generation from a web app and SSH, using ELK Stack and Grafana, fully deployed with Docker, Kubernetes, Terraform, GitHub Actions, and AWS.

lightweight deployment of the Wazuh SIEM (Security Information and Event Management) stack. Custom Docker implementation designed for Coolify and resource-constrained environments, reducing memory footprint by ~40% while maintaining full Blue Team functionality.

My interest in DevSecOps drives me to bridge the gap between development and security containerizing applications with Docker, orchestrating workflows via GitHub Actions CI/CD, and monitoring threats using SIEM tools like ELK Stack, Splunk, and Wazuh.

Open-source SIEM arsenal built on Elastic Stack, Dockerized ELK + Elastic Agent simulation + EQL/KQL correlation + ingest pipelines + MITRE ATT&CK Navigator mapping + hybrid Python ML anomaly detection.Real-time threat hunting, automated incident reporting, and live attack simulation. Instant docker-compose + exportable dashboards, rules & scripts.