Alternatives and similar repositories for OSSIEM

Users that are interested in OSSIEM are comparing it to the libraries listed below

• socfortress / CoPilot
  SOCFortress CoPilot
  ☆427Updated this week
• socfortress / SOCFortress-Threat-Intel
  Integrate your Wazuh-Manager or Graylog with the SOCFortress Threat Intel Service
  ☆32Updated last year
• juaromu / wazuh-opencti
  ☆40Updated 2 years ago
• branchnetconsulting / wazuh-tools
  Useful scripts for those administering Wazuh
  ☆91Updated 2 weeks ago
• WithSecureLabs / Kanvas
  A simple-to-use IR (incident response) case management tool for tracking and documenting investigations.
  ☆433Updated 3 months ago
• gbrigandi / mcp-server-wazuh
  MCP Server for Wazuh SIEM
  ☆164Updated last month
• tguard-soc-package / nusantara
  ☆219Updated last year
• stanfrbd / cyberbro
  A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
  ☆489Updated this week
• MISP / misp-docker
  A production ready Dockered MISP
  ☆309Updated this week
• dLoProdz / OSSIEM
  Open Source SIEM Stack
  ☆29Updated last year
• utmstack / UTMStack
  Enterprise-ready SIEM, SOAR and Compliance powered by real-time correlation and threat intelligence.
  ☆522Updated this week
• yevonnaelandrew / t-guard
  T-Guard Repository
  ☆18Updated last year
• weslambert / velociraptor-docker
  Docker image for Velocidex Velociraptor
  ☆142Updated 3 weeks ago
• bitorscanner / Bitor
  Bitor Scanning Software
  ☆439Updated 2 months ago
• socfortress / wazuh-mcp-server
  Repo to hold wazuh manager mcp server
  ☆71Updated 4 months ago
• socfortress / Wazuh-Rules
  Advanced Wazuh Rules for more accurate threat detection. Feel free to implement within your own Wazuh environment, contribute, or fork!
  ☆1,197Updated last week
• ls111-cybersec / thehive-cortex-misp-docker-compose-lab11update
  ☆32Updated 2 years ago
• itiligent / Easy-OpenVAS-Installer
  2025 OpenVAS appliance install & upgrade scripts, includes https front end (self signed), authenticated SMB scanning & email reports
  ☆91Updated 3 months ago
• cyberblu3s / CyberBlue
  CyberSecurity BLUE TEAM containerized platform that brings together open-source tools for SIEM, DFIR, CTI, SOAR, and Network Analysis
  ☆440Updated 3 months ago
• OpenSecureCo / Demos
  Repo Filled With Follow Along Guides
  ☆80Updated 3 years ago
• juaromu / wazuh-misp
  ☆20Updated 3 years ago
• splunk / DECEIVE
  DECeption with Evaluative Integrated Validation Engine (DECEIVE): Let an LLM do all the hard honeypot work!
  ☆272Updated 7 months ago
• sublime-security / sublime-platform
  A free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing. Gain visibility and contr…
  ☆244Updated last month
• OpenSecureCo / Wazuh
  ☆32Updated 4 years ago
• hulkmode / echothreat
  ☆31Updated 5 months ago
• shauntdergrigorian / splunkqueries
  A list of Splunk queries that I've collected and used over time.
  ☆90Updated 5 years ago
• crow1011 / wazuh2thehive
  Wazuh integration TheHive
  ☆41Updated 2 years ago
• jccyberx / Cybether
  Cybether - A modern, open-source Cybersecurity Governance, Risk, and Compliance (GRC) dashboard
  ☆85Updated last month
• cisagov / playbook-ng
  Playbook-NG is a stateless web-based application used to match incident findings with countermeasures for adversary containment and evict…
  ☆156Updated last month
• Krook9d / TA-Purplelab-Splunk
  Splunk add-on related to the PurpleLab tool
  ☆41Updated last year