Home

Welcome to the S1EM wiki!

This project is a SIEM with SIRP and Threat Intel,all in one.

Solution work with CentOS 7 and kernel 5 ( For Auditbeat ), and docker.

Inside the solution:

• Elasticsearch
• Kibana
• Filebeat
• Logstash
• Metricbeat
• Auditbeat
• Elastalert
• TheHive
• Cortex
• MISP
• OpenCTI
• Arkime
• Suricata 5
• Zeek 3
• FleetDm
• StoQ
• Heimdall
• Traefik

Note: Cortex v3.1 use ELK connector and the OpenCTI v4 connector

Guides

• Installation Guide
• Upgrade guide
• Configuration Guide
• Access Guide
• Detection Guide
• Incident Response Guide
• Threat Intel Guide
• Agent Guide
• Architecture Guide
• Troubleshooting Guide
• Screenshot of S1EM