Alternatives and similar repositories for OSSIEM

Users that are interested in OSSIEM are comparing it to the libraries listed below

• socfortress / CoPilot
  SOCFortress CoPilot
  ☆296Updated this week
• socfortress / SOCFortress-Threat-Intel
  Integrate your Wazuh-Manager or Graylog with the SOCFortress Threat Intel Service
  ☆29Updated 9 months ago
• WithSecureLabs / Kanvas
  A simple-to-use IR (incident response) case management tool for tracking and documenting investigations.
  ☆217Updated 2 weeks ago
• MISP / misp-docker
  A production ready Dockered MISP
  ☆255Updated last week
• branchnetconsulting / wazuh-tools
  Useful scripts for those administering Wazuh
  ☆84Updated 3 weeks ago
• dLoProdz / OSSIEM
  Open Source SIEM Stack
  ☆24Updated 9 months ago
• tguard-soc-package / nusantara
  ☆215Updated last year
• stanfrbd / cyberbro
  A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
  ☆439Updated this week
• socfortress / Wazuh-Rules
  Advanced Wazuh Rules for more accurate threat detection. Feel free to implement within your own Wazuh environment, contribute, or fork!
  ☆802Updated last week
• juaromu / wazuh-opencti
  ☆35Updated last year
• gbrigandi / mcp-server-wazuh
  MCP Server for Wazuh SIEM
  ☆80Updated last week
• ls111-cybersec / thehive-cortex-misp-docker-compose-lab11update
  ☆28Updated last year
• itiligent / Easy-OpenVAS-Installer
  2025 OpenVAS appliance install & upgrade scripts, includes https front end (self signed), authenticated SMB scanning & email reports
  ☆71Updated 4 months ago
• yevonnaelandrew / t-guard
  T-Guard Repository
  ☆16Updated last year
• bitorscanner / Bitor
  Bitor Scanning Software
  ☆391Updated this week
• utmstack / UTMStack
  Enterprise-ready SIEM, SOAR and Compliance powered by real-time correlation and threat intelligence.
  ☆283Updated this week
• lawrencesystems / graylog_extractors
  ☆62Updated last month
• 3CORESec / testmynids.org
  A website and framework for testing NIDS detection
  ☆266Updated 9 months ago
• bgenev / impulse-xdr
  Fully automated host & network intrusion detection platform. Detects malware from behavioural patterns rather than signatures and enables…
  ☆137Updated last year
• CyberFlooD / WAZUH-Sentinel-AD
  WAZUH Sentinel AD - Ultimate rules for Wazuh
  ☆28Updated 3 weeks ago
• aleksibovellan / opnsense-suricata-nmaps
  OPNSense's Suricata IDS/IPS Detection Rules Against NMAP Scans
  ☆70Updated 5 months ago
• weslambert / velociraptor-docker
  Docker image for Velocidex Velociraptor
  ☆129Updated 4 months ago
• V1D1AN / S1EM
  This project is a SIEM with SIRP and Threat Intel, all in one.
  ☆450Updated 7 months ago
• OpenSecureCo / Demos
  Repo Filled With Follow Along Guides
  ☆79Updated 3 years ago
• zdhenard42 / SOC-Multitool
  A powerful and user-friendly browser extension that streamlines investigations for security professionals.
  ☆397Updated 2 months ago
• securityjoes / MasterParser
  MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
  ☆733Updated 3 months ago
• NUKIB / misp
  Docker image for MISP
  ☆132Updated last month
• crow1011 / wazuh2thehive
  Wazuh integration TheHive
  ☆38Updated 2 years ago
• activecm / rita
  Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…
  ☆317Updated last week
• splunk / DECEIVE
  DECeption with Evaluative Integrated Validation Engine (DECEIVE): Let an LLM do all the hard honeypot work!
  ☆259Updated last month