Security Information and Event Management

Tenzir is a data pipeline solution that provides security data management capabilities through pipelines, nodes, and a centralized platform for analytics and detection operations.

Datadog offers a comprehensive suite of cybersecurity tools for various aspects of application and infrastructure monitoring.

Logdissect is a CLI utility and Python library for analyzing log files and other data.

SCOT is a cybersecurity incident tracking and management platform that enables security operations centers to document, analyze, and coordinate responses to security events through collaborative workflows.

Open-source abuse management toolkit for automating and improving the abuse handling process.

Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.

Sample detection rules and dashboards for Google Security Operations

A Security Information and Event Management (SIEM) system with a focus on security and minimalism.

AlienVault OSSIM provides an all-in-one security management solution with asset discovery, vulnerability assessment, and SIEM capabilities.

An alternative to the auditd daemon with goals of safety, speed, JSON output, and pluggable pipelines connecting to the Linux kernel via netlink.

Python application to translate Zeek logs into ElasticSearch's bulk load JSON format with detailed instructions and features.

ElastAlert is a framework for alerting on anomalies in Elasticsearch data.

A centralized tool for security monitoring and analysis that integrates various open source big data technologies.

Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.

Unified repository for Microsoft Sentinel and Microsoft 365 Defender containing security content, detections, queries, playbooks, and resources to secure environments and hunt for threats.

IBM QRadar is a SIEM solution for real-time threat detection.

A repository providing guidance on collecting security-relevant Windows event logs using Windows Event Forwarding (WEF).

A Python library and command line tool that creates interactive visualizations for log data analysis with zoom and navigation capabilities.

A framework for creating standardized cybersecurity event schemas in JSON format that enables interoperability across security tools and platforms.

A cloud-native, event-driven data pipeline toolkit for security teams that processes and routes data across AWS services with custom formatting and API enrichment capabilities.

A method for log volume reduction without losing analytical capability.

Event Log Explorer is a software solution for viewing, analyzing, and monitoring events recorded in Microsoft Windows event logs, offering advanced features and efficient filtering capabilities.

Home for rules used by Elastic Security with code for unit testing, Kibana integration, and Red Team Automation.

An open source cloud-native security data lake platform for AWS that normalizes security logs into structured data with Detection-as-Code capabilities and vendor-neutral storage using open standards.