Alternatives and similar repositories for SIEM

Users that are interested in SIEM are comparing it to the libraries listed below

• joesecurity / Joe-Sandbox-Bro
  JoeSandbox-Bro is a simple bro script which extracts files from your internet connection and analyzes them automatically on Joe Sandbox
  ☆45Updated 6 years ago
• EmergingThreats / IDSDeathBlossom
  IDS Utility Belt For Automating/Testing Various Things
  ☆30Updated 5 years ago
• 3c7 / aptmap
  A map displaying threat actors from the misp-galaxy
  ☆33Updated 2 years ago
• refractionPOINT / rules
  Public rules and samples for various automations through LimaCharlie.io
  ☆13Updated 4 years ago
• upa / ofpot
  OpenFlow Honeypot
  ☆25Updated 12 years ago
• CrySyS / bro-step7-plugin
  A proof of concept implementation of the Siemens S7 protocol analyser for the Bro IDS.
  ☆16Updated 8 years ago
• karttoon / iocs
  IoC's, PCRE's, YARA's etc
  ☆24Updated 8 months ago
• staaldraad / fastfluxanalysis
  Scripts to detect Fast-Flux and DGA using DNS query responses
  ☆44Updated 8 years ago
• John-Lin / malware
  This is a malware analysis project which expecte to generate snort rule via malicious network traffic
  ☆28Updated 2 years ago
• binorassocies / brostash
  brostash: Linux distribution based on Debian and focusing on network security events collection
  ☆33Updated 5 years ago
• fireeye / brocapi
  Bro PCAP Processing and Tagging API
  ☆28Updated 8 years ago
• jantonakos / ThreatHuntingExcursions
  Code, commands, and chatter about Threat Hunting.
  ☆35Updated 5 years ago
• CERT-Bund / misp-warninglists-analyzer
  Checks observables/ioc in TheHive/Cortex against the MISP warningslists
  ☆14Updated 7 years ago
• pidydx / PyIOCe
  Python OpenIOC Editor
  ☆18Updated 9 years ago
• neu5ron / malware-traffic-analysis-pcaps
  malware-traffic-analysis.net PCAPs repository.
  ☆38Updated 9 years ago
• clong / vagrant-ids
  An Ubuntu 16.04 build containing Suricata, PulledPork, Bro, and Splunk
  ☆23Updated 7 years ago
• Neo23x0 / webshell-intel
  Scan web server for known webshell names and responses
  ☆50Updated 9 years ago
• 0x4D31 / honeyku
  A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).
  ☆65Updated 6 years ago
• bez0r / pDNS2
  Passive DNS V2
  ☆60Updated 11 years ago
• rj-chap / NFWorkshop
  Network Forensics Workshop Files
  ☆17Updated 10 years ago
• nccgroup / Royal_APT
  Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research
  ☆53Updated 7 years ago
• nccgroup / IP-reputation-snort-rule-generator
  A tool to generate Snort rules based on public IP reputation data
  ☆56Updated 12 years ago
• MalwareSoup / MitreAttack
  Python wrapper for the Mitre ATT&CK framework API
  ☆31Updated 7 years ago
• Cymmetria / StrutsHoneypot
  Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers
  ☆72Updated 8 years ago
• travisbgreen / intel_amt_honeypot
  intel amt honeypot
  ☆18Updated 8 years ago
• silascutler / MalPipe
  Malware/IOC ingestion and processing engine
  ☆108Updated 7 years ago
• Te-k / malware-classification
  Data and code for malware classification using machine learning (for fun, not production)
  ☆39Updated 5 years ago
• Security-Onion-Solutions / securityonion-docker-hh
  ☆21Updated 5 years ago
• WeaverHeavy / Threat-Intelligence-Tradecraft
  ☆27Updated 7 years ago
• mpars0ns / scansio-sonar-es
  Python scripts to parse scans.io ssl data and ingest into elasticsearch for searching
  ☆33Updated 9 years ago