SIEM platforms for centralized security log management, correlation, alerting, and compliance reporting.
Steampipe is a zero-ETL solution for getting data directly from APIs and services.
An open source cloud-native security data lake platform for AWS that normalizes security logs into structured data with Detection-as-Code capabilities and vendor-neutral storage using open standards.
A command-line tool for searching AWS CloudWatch logs using pattern matching with configurable parameters for log groups, time ranges, and regions.
Tenzir is a data pipeline solution that provides security data management capabilities through pipelines, nodes, and a centralized platform for analytics and detection operations.
Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.
An alternative to the auditd daemon with goals of safety, speed, JSON output, and pluggable pipelines connecting to the Linux kernel via netlink.
SCOT is a cybersecurity incident tracking and management platform that enables security operations centers to document, analyze, and coordinate responses to security events through collaborative workflows.
Export Kubernetes events for observability and alerting purposes with flexible routing options.
A Sysmon configuration repository for customizing Microsoft Sysinternals Sysmon configurations with modular setup.
A framework for creating standardized cybersecurity event schemas in JSON format that enables interoperability across security tools and platforms.
Converts Sigma and Yara rules to CRYPTTECH's SIEM query language.
A Python library and command line tool that creates interactive visualizations for log data analysis with zoom and navigation capabilities.
A community-led project focused on standardizing security event logs.
Home for rules used by Elastic Security with code for unit testing, Kibana integration, and Red Team Automation.
Logdissect is a CLI utility and Python library for analyzing log files and other data.
A Security Information and Event Management (SIEM) system with a focus on security and minimalism.
Python application to translate Zeek logs into Elasticsearch's bulk load JSON format, with detailed instructions and features.
Sample detection rules and dashboards for Google Security Operations.
A cloud-native, event-driven data pipeline toolkit for security teams that processes and routes data across AWS services with custom formatting and API enrichment capabilities.
Apache Metron is a centralized tool for security monitoring and analysis that integrates various open-source big data technologies.
Serverless, real-time data analysis framework for incident detection and response.
ElastAlert is a framework for alerting on anomalies in Elasticsearch data.
A Sysmon configuration file template with detailed explanations and tutorial-like features.
Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.
Tool roundups, buying guides, and strategic analysis from the CybersecTools resource library.
Common questions about Security Information and Event Management tools, selection guides, pricing, and comparisons.
Priority log sources: identity systems (Active Directory, SSO, MFA), endpoint security (EDR, antivirus), network devices (firewalls, proxies, DNS), cloud platforms (AWS CloudTrail, Azure Activity Log, GCP Audit Logs), email security, and critical application logs. Start with identity and endpoint logs, because they reveal the most common attack patterns, then expand based on your threat model.
Reduce SIEM costs by: tiering log sources (high-value logs to SIEM, low-value to cheap storage), filtering noisy events at the source (debug logs, health checks), using data lake architectures for long-term retention with SIEM for real-time alerting, normalizing and deduplicating events before ingestion, and regularly reviewing detection rules to remove those generating noise without value.