SIEM
Security Information and Event Management solutions for log management and security monitoring
Logdissect
A cloud-native SIEM platform that provides security analytics, intuitive workflow, and simplified incident response to help security teams defend against cyber threats.
LogSlash
Elasticsearch is a versatile platform for centralized data storage, fast search, and scalable analytics.
Matano Open Source Security Data Lake
A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.
MongoDB-HoneyProxy
A framework for generating log events without the need for infrastructure, allowing for simple, repeatable, and randomized log event creation.
NodeSecure
Open source security data lake for AWS with real-time log normalization and Detection-as-Code capabilities.
nfdump
A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.
Open Source Security Events Metadata (OSSEM)
A toolset for collecting and processing netflow/ipfix and sflow data from netflow/sflow compatible devices.
OpenSOC
AlienVault OSSIM provides an all-in-one security management solution with asset discovery, vulnerability assessment, and SIEM capabilities.
Panther Detections
Python application to translate Zeek logs into Elasticsearch's bulk load JSON format with detailed instructions and features.
Procmon for Linux
Graylog offers advanced log management and SIEM capabilities to enhance security and compliance across various industries.
Public Security Log Sharing Site by Dr. Anton Chuvakin
Apache Metron is a centralized tool for security monitoring and analysis that integrates various open-source big data technologies.
python-evtx
Security-Guard
Investigate malicious logons by visualizing and analyzing Windows Active Directory event logs with LogonTracer.
Splunk Security Content
A compliant audit log tool that provides a searchable, exportable record of read/write events.
Starbase
HonnyPotter is a WordPress plugin that logs all failed login attempts, with a caution to use it at your own risk.
StreamAlert
Sysmon for Linux is a tool that monitors and logs system activity with advanced filtering to identify malicious activity.
Synthetic Adversarial Log Objects (SALO)
Sysmon for Linux