Siembol
Siembol provides a scalable, advanced security analytics framework based on open-source big data technologies. Siembol normalizes, enriches, and alerts on data from various sources, which allows security teams to respond to attacks before they become incidents.
Introduction
Siembol is an open-source, real-time security information and event management tool developed in-house at G-Research.
Siembol's use cases:
- SIEM Log Collection Using Open Source Technologies
Siembol can be used to centralize both the collection of security data and the monitoring of logs from different sources.
- Detection of Leaks and Attacks on Infrastructure
Siembol can be used by the teams responsible for the system platform as a tool for detecting attacks or leaks.
For a more extensive introduction, visit: Introduction.
Installation
To install locally, visit: Quickstart Guide.
How to contribute
If you wish to contribute to Siembol, first read: Contribution Guide.
Code of Conduct
G-Research has adopted a Code of Conduct that is to be honored by everyone who participates in the Siembol community, formally or informally. Please read the full text: Code of Conduct.
All notable changes to this project are documented in this file: CHANGELOG.
Siembol UI
To learn more about Siembol's UI, visit: Siembol UI.
There you will find guides on:
- Adding a new configuration
- Submitting configurations
- Importing a sigma rule
- Releasing configurations
- Testing configurations
- Testing release
- Adding links to the homepage
- Setting up OAUTH2 OIDC
- Modifying the layout
- Managing applications
- Using the ui-bootstrap file
- Filtering configs and saving searches
Services
To explore Siembol's services, visit: Siembol services.
There you will find guides on:
- Setting up a service in the config editor rest
- Alerting service
- Parsing service
- Enrichment service
- Response service
Deployment
To deploy Siembol, refer to: Siembol deployment.
There you will find guides on: