V1D1AN edited this page May 24, 2021 · 21 revisions

Welcome to the S1EM wiki!


This project is a SIEM with SIRP and Threat Intel, all in one.

The solution runs on CentOS 7 with a kernel 5 series kernel (required for Auditbeat) and Docker.

Inside the solution:

  • Elasticsearch
  • Kibana
  • Filebeat
  • Logstash
  • Metricbeat
  • Auditbeat
  • Elastalert
  • TheHive
  • Cortex
  • MISP
  • OpenCTI
  • Suricata 5
  • Zeek 3
  • FleetDm
  • StoQ
  • Heimdall
  • Traefik

Note: Cortex v3.1 uses the ELK connector and the OpenCTI v4 connector.

Prerequisites

Physical

For testing:

You must have:

  • 12 GB RAM
  • 75 GB disk
  • 8 CPUs
  • 1 dedicated network interface for monitoring

For production:

You must have:

  • 32 GB RAM
  • More than 75 GB disk
  • 8 CPUs
  • 1 dedicated network interface for monitoring
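The prerequisites above are easy to get wrong on a freshly installed CentOS 7 box (the stock 3.10 kernel does not satisfy the kernel 5 requirement for Auditbeat, and a single NIC leaves nothing for Suricata/Zeek to sniff). The following preflight script is an added example, not part of S1EM, that compares a host against the testing minimums on this page; the production figures are reached by overriding the `MIN_*` environment variables. It assumes a Linux host with `/proc`, `/sys` and coreutils, and treats "one monitoring network" as one non-loopback interface in addition to the management interface.

```shell
#!/bin/sh
# Added preflight check, not part of S1EM: compares the host against the
# "testing" minimums on this page (12 GB RAM, 75 GB disk, 8 CPUs, kernel 5
# for Auditbeat, a dedicated monitoring NIC, Docker). Assumes a Linux host
# with /proc, /sys and coreutils. Thresholds are the page's numbers and can
# be overridden, e.g. MIN_RAM_GB=32 for the production profile.

MIN_RAM_GB="${MIN_RAM_GB:-12}"
MIN_DISK_GB="${MIN_DISK_GB:-75}"
MIN_CPU="${MIN_CPU:-8}"
MIN_KERNEL_MAJOR="${MIN_KERNEL_MAJOR:-5}"
# management interface + one monitoring interface = 2 non-loopback NICs
MIN_NICS="${MIN_NICS:-2}"

# kernel_major "5.11.1-1.el7.elrepo.x86_64" -> 5
kernel_major() {
  printf '%s\n' "$1" | cut -d. -f1
}

# at_least ACTUAL MIN: succeeds when the integer ACTUAL is >= MIN
at_least() {
  [ "$1" -ge "$2" ]
}

# check_host RAM_GB DISK_GB CPUS KERNEL_VERSION NIC_COUNT DOCKER(yes|no)
# Prints one PASS/FAIL line per requirement and returns the number of
# failed requirements (0 means every minimum is met).
check_host() {
  fails=0
  report() {  # report NAME ACTUAL MIN STATUS (0 = ok)
    if [ "$4" -eq 0 ]; then
      printf 'PASS %-8s %s (min %s)\n' "$1" "$2" "$3"
    else
      printf 'FAIL %-8s %s (min %s)\n' "$1" "$2" "$3"
      fails=$((fails + 1))
    fi
  }
  # status CMD...: echoes 0 when CMD succeeds, 1 otherwise (safe under set -e)
  status() { if "$@"; then echo 0; else echo 1; fi; }

  report ram_gb  "$1" "$MIN_RAM_GB"         "$(status at_least "$1" "$MIN_RAM_GB")"
  report disk_gb "$2" "$MIN_DISK_GB"        "$(status at_least "$2" "$MIN_DISK_GB")"
  report cpus    "$3" "$MIN_CPU"            "$(status at_least "$3" "$MIN_CPU")"
  report kernel  "$4" "$MIN_KERNEL_MAJOR.x" "$(status at_least "$(kernel_major "$4")" "$MIN_KERNEL_MAJOR")"
  report nics    "$5" "$MIN_NICS"           "$(status at_least "$5" "$MIN_NICS")"
  report docker  "$6" yes                   "$(status [ "$6" = yes ])"
  return "$fails"
}

# preflight: gather the live values from this host and run check_host.
preflight() {
  # MemTotal is in kB; round to the nearest GB so a nominal 12 GB box
  # (which reports slightly less than 12 GiB) is not rejected by truncation.
  ram_gb=$(awk '/^MemTotal:/ {print int($2 / 1024 / 1024 + 0.5)}' /proc/meminfo)
  # -P forces the POSIX one-line-per-filesystem format; column 4 is free kB
  disk_gb=$(df -kP / | awk 'NR == 2 {print int($4 / 1024 / 1024)}')
  cpus=$(nproc)
  kernel=$(uname -r)
  nics=$(ls /sys/class/net | grep -vc '^lo$' || true)
  if command -v docker >/dev/null 2>&1; then docker=yes; else docker=no; fi
  check_host "$ram_gb" "$disk_gb" "$cpus" "$kernel" "$nics" "$docker"
}

# Run the live check with: sh preflight.sh run   (exit code = number of failures)
case "${1:-}" in run) preflight ;; esac
```

The free-disk figure is measured on `/` only; if the Docker data directory or the Elasticsearch volume lives on another filesystem, point `df` at that mount instead. The NIC count is a structural check, not proof that the monitoring interface actually receives a SPAN or TAP feed.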

Guides
