Warning
This project is no longer maintained. Feel free to fork and make your own changes if needed.
Siembol provides a scalable, advanced security analytics framework based on open-source big data technologies. Siembol normalizes, enriches, and alerts on data from various sources, which allows security teams to respond to attacks before they become incidents.
Siembol is an open-source, real-time security information and event management tool developed in-house at G-Research.
Siembol's use cases:
- SIEM Log Collection Using Open Source Technologies
Siembol can be used to centralize both security data collecting and the monitoring of logs from different sources.
- Detection of Leaks and Attacks on Infrastructure
Siembol can be used as a tool for detecting attacks or leaks by teams responsible for the system platform.
For more extensive introduction, visit: Introduction.
To install locally, visit: Quickstart Guide.
If you wish to contribute to Siembol, first read: Contribution Guide.
G-Research has adopted a Code of Conduct that is to be honored by everyone who participates in the Siembol community formally or informally. Please read the full text: Code of Conduct
All notable changes to this project are documented in this file: CHANGELOG
To learn more about Siembol's UI, visit: Siembol UI.
There you will find guides on:
- Adding a new configuration
- Submitting configurations
- Importing a sigma rule
- Releasing configurations
- Testing configurations
- Testing release
- Adding links to the homepage
- Setting up OAUTH2 OIDC
- Modifying the layout
- Managing applications
- Use ui-bootstrap file
- Filter configs and save searches
To explore Siembol's services, visit: Siembol services.
There you will find guides on:
- Setting up a service in the config editor rest
- Alerting service
- Parsing service
- Enrichment service
- Response service
To deploy Siembol, refer to: Siembol deployment.
There you will find guides on: