• Stars
    star
    1,232
  • Rank 38,102 (Top 0.8 %)
  • Language
    Python
  • License
    MIT License
  • Created over 6 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Open Source Security Events Metadata (OSSEM)

Open Source Security Events Metadata (OSSEM)

Open Source Love Open_Threat_Research Community Twitter

A community-led project focused primarily on the documentation, standardization and modeling of security event logs.

https://ossemproject.com/intro.html

Goals

  • Define and share a common data moel in order to improve the data standardization and transformation of security event logs
  • Define and share data structures and relationships identified in security events logs
  • Provide detailed information in a dictionary format about several security event logs to the community
  • Learn more about security event logs (Windows, Linux, MacOS, Azure, AWS, etc)

Project Structure

  • Data Dictionaries (DD):
    • Contains specific information about several security event logs organized by operating system and their respective data providers.
    • Each dictionary describes a single event log and its corresponding field names.
    • It provides the foundational concepts to create a data wiki in an organization.
  • Common Data Model (CDM)
    • Facilitates the normalization of data by providing a standard way to parse security event logs.
    • The project is organized by schema entities identified in several data sources.
    • The definitions of each schema entity and its respective attributes (field names) are mostly general descriptions that could help and expedite event logs parsing procedures.
    • The project also provides the concept of schema tables to aggregate common entities and parse similar data sources. For example, HTTP, Port and User Agent entities can be used to normalize network traffic metadata captured in a network environment.
  • Detection Model (DM):
    • Focuses on identifying relationships among security events to facilitate the development of data analytics and help validate the detection of adversary techniques.

Sponsors

Author

Current Committers

Projects Using OSSEM

Resources

More Repositories

1

ThreatHunter-Playbook

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Python
3,964
star
2

Security-Datasets

Re-play Security Events
PowerShell
1,582
star
3

ATTACK-Python-Client

Python Script to access ATT&CK content available in STIX via a public TAXII server
Python
554
star
4

Microsoft-Sentinel2Go

Microsoft Sentinel2Go is an open source project developed to expedite the deployment of a Microsoft Sentinel research lab.
PowerShell
540
star
5

Blacksmith

Building environments to replicate small networks and deploy applications
PowerShell
317
star
6

OSSEM-DM

OSSEM Detection Model
Python
164
star
7

detection-hackathon-apt29

Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets
Jupyter Notebook
130
star
8

SimuLand

Cloud Templates and scripts to deploy mordor environments
Shell
127
star
9

infosec-jupyter-book

The Infosec Community Definitive Guide to Jupyter Notebooks
Dockerfile
107
star
10

infosec-jupyterthon

A community event for security researchers to share their favorite notebooks
Jupyter Notebook
105
star
11

GenAI-Security-Adventures

Jupyter Notebook
93
star
12

Set-AuditRule

Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity
PowerShell
86
star
13

notebooks-forge

A collection of notebooks built for defensive and offensive operations.
Jupyter Notebook
76
star
14

API-To-Event

A repo to document API functions mapped to security events across diverse platforms
74
star
15

OSSEM-DD

OSSEM Data Dictionaries
Python
56
star
16

OSSEM-CDM

OSSEM Common Data Model
54
star
17

bloodhound-notebook

BloodHound Cypher Queries Ported to a Jupyter Notebook
Python
53
star
18

openhunt

Python
33
star
19

bloodhound-notebooks

Notebooks created to attack and secure Active Directory environments
Jupyter Notebook
27
star
20

SANS-BlueTeamSummit-2022

Repo to track SANS BlueTeam Summit Presentation
Jupyter Notebook
23
star
21

2021-OceanLotus-workshop

HCL
18
star
22

BHEU22-ADFS

Writing Your Own Ticket to the Cloud Like APT: A Deep-dive to AD FS Attacks, Detections, and Mitigations
12
star
23

MEAN

Microsoft Entra ID Administration LLM-based Autonomous Agent
Jupyter Notebook
8
star
24

docker-c2

Docker files used to deploy known Command & Control (C2) Frameworks
5
star
25

workshop-ekoparty-bluespace-2020

Materiales para enseñar lo básico de Jupyter Notebooks y análisis de data con Pandas
Dockerfile
3
star
26

OpenSec-Library

2
star
27

Blog-Website

Official OTR Blog Website
2
star
28

Infosec-DMZ

1
star
29

OSSEM-DD-MASK

An extension of the OSSEM-DD repository.
1
star
30

Community-Presentations

Slides
1
star