siem

🐳 Elastic Stack (ELK) v9+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.

docker elasticsearch kibana elasticstack logstash docker-compose elk siem observability elk-stack

UpdatedJan 3, 2026
Dockerfile

matanolabs /matano

Star1.7k

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

rust aws security cloud big-data serverless alerting dfir secops cybersecurity cloud-native threat-hunting siem log-management aws-security security-tools cloud-security log-analytics apache-iceberg detection-engineering

UpdatedJan 8, 2025
Rust

cyb3rxp /awesome-soc

Star1.6k

A collection of sources of documentation, as well as field best practices, to build/run a SOC

architecture detection management incident-response soa cert csirt siem tip soc risk-management ttp soar sirp mitre-attack purpleteam

UpdatedFeb 20, 2026

VictoriaMetrics /VictoriaLogs

Star1.5k

Fast and easy to use database for logs, which can efficiently handle terabytes of logs

kubernetes elasticsearch grafana logs siem loki observability opentelemetry

UpdatedFeb 20, 2026
Go

mthcht /awesome-lists

Sponsor

Star1.3k

Awesome Security lists for SOC/CERT/CTI

security ioc detection incident-response dfir ransomware awesome-list threat-hunting siem iocs cti soc ir blueteam threat-intelligence rmm redteam hacktools detection-engineering blueteam-tools

UpdatedFeb 20, 2026
YARA

pfelk /pfelk

Star1.2k

pfSense/OPNsense + Elastic Stack

docker elasticsearch firewall logs opnsense siem elastic pfsense

UpdatedNov 28, 2025
Shell

tirrenotechnologies /tirreno

Star1.1k

tirreno is an open-source security framework. Event tracking, threat detection, and risk scoring for any application.

intelligence log-analysis php-scripts intranet audit-logs siem user-monitoring fraud-prevention antispam bot-detection application-monitoring fraud-detection php-project security-framework fraud bot-management security-analytics audit-trails cybersecurity-tools cybersecurity-projects

UpdatedFeb 13, 2026
PHP

edoardogerosa /sentinel-attack

Star1.1k

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

azure detection logging cybersecurity sysmon threat-hunting siem security-tools blue-team mitre-attack workbooks sysmon-config terraform-azure kql azure-sentinel

UpdatedNov 28, 2024

mikeroyal /Open-Source-Security-Guide

Star1.1k

Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

surveillance incident-response intrusion-detection infosec compliance siem vulnerabilities network-analysis information-security kali-linux vulnerability-detection offensive-security cyber-security incident-management pentesters privacy-protection mitre-attack scanning-tool detection-engineering forensics-tools

UpdatedJun 27, 2025
Go

jaegeral /security-apis

Star968

A collective list of public APIs for use in security. Contributions welcome

security json json-api awesome-list siem

UpdatedJul 22, 2025

nsacyber /Event-Forwarding-Guidance

Star881

Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber

windows event-log siem

UpdatedNov 17, 2020
PowerShell

Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.