siem-splunk-connector - Akamai SIEM Connector for Splunk


Version 1.3.0 was a limited release and is no longer available; 1.4.2 includes all of its features. Read on for an overview and installation instructions. The sample Splunk connector is a Splunk add-on that captures security events from the Akamai Security Events Collector, which exposes a RESTful API from which the connector pulls events in JSON format. The add-on converts the security event data from JSON into Splunk CIM (Common Information Model) format, and the Splunk instance then indexes it so that high volumes of data can be searched and analyzed.

https://github.com/akamai/siem-splunk-connector
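As an added example (not part of this page and not the connector's own code, which the dependency list shows is Java), the Python script below shows the shape of the JSON-to-CIM step the description refers to: it parses one pulled feed, unpacks the ';'-separated base64 rule fields, maps them onto CIM field names from the Web and Intrusion Detection data models, de-duplicates on request id so a re-pull does not double-count, and picks up the offset for the next pull. The event layout, the field packing, the trailer record and the offset handling are assumptions modelled on the constructed sample inside the script; check them against the collector's actual output before relying on the mapping.

```python
"""Added example (not the connector's code): Akamai SIEM JSON -> Splunk CIM fields.
The event layout, the ';'-joined base64 packing of WAF rule fields and the offset
trailer record are assumptions built into the constructed sample below."""
import base64
import json
from typing import Any, Dict, List, Optional, Tuple
from urllib.parse import unquote


def _pack(values: List[str]) -> str:
    """Pack a list the way the sample assumes the collector does: base64 items joined by ';'."""
    return ";".join(base64.b64encode(v.encode()).decode() for v in values)


# Constructed sample: a request that tripped two WAF rules, one of which denied it.
BLOCKED_EVENT = {
    "attackData": {"configId": "12345", "policyId": "demo_policy", "clientIP": "198.51.100.23",
                   "rules": _pack(["950002", "981176"]), "ruleActions": _pack(["alert", "deny"]),
                   "ruleMessages": _pack(["System Command Access", "Inbound Anomaly Score Exceeded"])},
    "httpMessage": {"requestId": "2ab3c4d5", "start": "1516288567", "method": "GET",
                    "host": "www.example.com", "port": "443", "path": "/cgi-bin/status",
                    "query": "cmd=cat+/etc/passwd", "status": "403", "bytes": "268"},
    "geo": {"country": "US"},
}
# Constructed sample: an alert-only hit that was allowed through.
ALERTED_EVENT = {
    "attackData": {"configId": "12345", "policyId": "demo_policy", "clientIP": "203.0.113.9",
                   "rules": _pack(["981243"]), "ruleActions": _pack(["alert"]),
                   "ruleMessages": _pack(["SQL Injection Attack Detected"])},
    "httpMessage": {"requestId": "9f8e7d6c", "start": "1516288601", "method": "POST",
                    "host": "www.example.com", "port": "80", "path": "/login", "status": "200", "bytes": "1024"},
    "geo": {"country": "DE"},
}
# Constructed feed: a duplicate record, a garbled line and an offset trailer (assumed checkpoint format).
SAMPLE_FEED = "\n".join([
    json.dumps(BLOCKED_EVENT), json.dumps(ALERTED_EVENT), json.dumps(BLOCKED_EVENT),
    "{not valid json", json.dumps({"total": 2, "offset": "k9tQ0constructed", "limit": 10000}),
])


def decode_packed(field: Optional[str]) -> List[str]:
    """Unpack a ';'-separated list of (optionally URL-encoded) base64 items.
    A token that is not valid base64 is kept verbatim, so a rule hit is never silently lost."""
    out: List[str] = []
    for item in unquote(field or "").split(";"):
        if not item:
            continue
        try:
            out.append(base64.b64decode(item, validate=True).decode("utf-8", "replace"))
        except ValueError:  # binascii.Error is a ValueError subclass
            out.append(item)
    return out


def to_cim(event: Dict[str, Any]) -> Dict[str, Any]:
    """Map one raw event onto Splunk CIM field names (Web / Intrusion Detection models)."""
    atk, http, geo = event.get("attackData", {}), event.get("httpMessage", {}), event.get("geo", {})
    actions = decode_packed(atk.get("ruleActions"))
    scheme = "https" if str(http.get("port")) == "443" else "http"
    url = f"{scheme}://{http.get('host', '')}{http.get('path', '')}"
    if http.get("query"):
        url += "?" + http["query"]
    return {
        "_time": int(http.get("start", 0)),
        "vendor_product": "Akamai WAF",  # assumed label; use whatever your CIM dashboards expect
        "ids_type": "application",
        "src": atk.get("clientIP"), "src_country": geo.get("country"),
        "dest": http.get("host"), "dest_port": int(http.get("port", 0)),
        "http_method": http.get("method"), "url": url,
        "status": int(http.get("status", 0)), "bytes_out": int(http.get("bytes", 0)),
        # CIM expects allowed/blocked: one 'deny' among the rule actions means the request was blocked
        "action": "blocked" if "deny" in actions else "allowed",
        "signature_id": decode_packed(atk.get("rules")),
        "signature": decode_packed(atk.get("ruleMessages")),
        "request_id": http.get("requestId"), "policy_id": atk.get("policyId"),
    }


def normalize_feed(raw: str) -> Tuple[List[Dict[str, Any]], Optional[str], int]:
    """Parse one pulled feed into (CIM events, checkpoint offset, skipped-line count),
    dropping duplicate requestIds so a re-pull from an older offset does not double-count."""
    events, seen, offset, skipped = [], set(), None, 0
    for line in raw.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if "attackData" not in rec:
            if "offset" in rec:  # trailer record carrying the next pull's checkpoint (assumption)
                offset = rec["offset"]
            else:
                skipped += 1
            continue
        rid = rec.get("httpMessage", {}).get("requestId")
        if rid in seen:
            continue
        seen.add(rid)
        events.append(to_cim(rec))
    return events, offset, skipped


if __name__ == "__main__":
    cim_events, next_offset, bad_lines = normalize_feed(SAMPLE_FEED)
    for ev in cim_events:
        print(json.dumps(ev))
    print(f"next offset: {next_offset}, skipped lines: {bad_lines}")
```

Persist the returned offset only after the events from that pull have been indexed; if the checkpoint is written first and the index write fails, the events of that window are lost, whereas the requestId de-duplication above makes a re-pull harmless.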


Dependencies:

commons-codec:commons-codec:1.10
org.apache.commons:commons-configuration2:2.1
org.apache.commons:commons-lang3:3.4
commons-logging:commons-logging:1.2
com.akamai.edgegrid:edgegrid-signer-apache-http-client:2.1.1
com.akamai.edgegrid:edgegrid-signer-core:2.1.1
com.google.code.gson:gson:2.8.1
net.sf.opencsv:opencsv:2.3
org.apache.httpcomponents:httpclient:4.5.3
org.apache.httpcomponents:httpcore:4.4.4
com.fasterxml.jackson.core:jackson-core:2.8.9
org.slf4j:slf4j-api:1.7.21
org.slf4j:slf4j-jdk14:1.7.21
commons-validator:commons-validator:1.6
com.splunk:splunk:7.1.0

Related Projects

sigma - Generic Signature Format for SIEM Systems

  •    Python

Sigma is a generic and open signature format that allows you to describe relevant log events in a straight forward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers or analysts can describe their once developed detection methods and make them shareable with others. Sigma is for log files what Snort is for network traffic and YARA is for files.

ACE - Automated Collection and Enrichment Platform

  •    PowerShell

The Automated Collection and Enrichment (ACE) platform is a suite of tools for threat hunters to collect data from many endpoints in a network and automatically enrich that data. The data is collected by running scripts on each computer without installing any software on the target. ACE supports collecting from Windows, macOS, and Linux hosts. ACE is meant to simplify the process of remotely collecting data across an environment by offering credential management, scheduling, centralized script management, and remote file downloading. ACE is designed to complement a SIEM by collecting and enriching data; final analysis is best suited to SIEM tools such as Splunk, ELK, or whatever tools the analyst prefers.

OSSEC - Host-based Intrusion Detection System

  •    C

OSSEC is a full platform to monitor and control your systems. It combines all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM in a simple, powerful and open source solution.

docker-splunk - Docker Splunk Enterprise image

  •    Shell

This is the official repository for the Splunk Enterprise and Splunk universal forwarder Docker effort. It contains Dockerfiles that you can use to build Splunk Docker images. To learn more about the Splunk Enterprise Docker image, see the Splunk Enterprise Docker image README.

docker-splunk-legacy - Docker Splunk Enterprise image

  •    Shell

This is the official repository for the Splunk Enterprise and Splunk universal forwarder Docker effort. It contains Dockerfiles that you can use to build Splunk Docker images. To learn more about the Splunk Enterprise Docker image, see the Splunk Enterprise Docker image README.


MozDef - MozDef: The Mozilla Defense Platform

  •    Javascript

The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system. The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.

OSSIM, The Open Source SIEM

  •    PHP

OSSIM provides a Security Information and Event Management (SIEM) solution, and a framework that allows tight control over widely distributed enterprise networks from a single location.

splunk-sdk-python - Splunk Software Development Kit for Python

  •    Python

Splunk Software Development Kit for Python

Free Windows Network User Accounting

  •    Perl

FWNUA (Free Windows Network User Accounting) runs silently in a Windows login script and collects data about user logins. It allows more freedom in standardized computer naming. FWNUA keeps track of the workstations so you don't have to! FWNUA now supports syslog and Splunk! A fork of the current 3.0 version can now be downloaded. Look for the fwnua - syslog in the files list. Use Splunk or your own syslog server with data mining tools to create a robust user tracking system.

Cyberoam iView - Open Source SIEM

  •    JSP

Cyberoam iView, the Intelligent Logging & Reporting solution, provides organizations with network visibility across multiple devices to achieve higher levels of security and data confidentiality while meeting the requirements of regulatory compliance. To know more about Cyberoam and its security solutions visit www.cyberoam.com.

Apache Metron - Real-time Big Data Security

  •    Java

Metron integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. Metron provides capabilities for log aggregation, full packet capture indexing, storage, advanced behavioral analytics and data enrichment, while applying the most current threat intelligence information to security telemetry within a single platform.

Clarity - Web interface for the grep

  •    Ruby

Clarity is a Splunk-like web interface for your server log files. It supports searching (using grep) as well as tailing log files in real time. It is built on the event-driven architecture of EventMachine, which allows real-time search of very large log files.

angulartics - Analytics for AngularJS applications.

  •    Javascript

Note: we are dropping support for NuGet. You can also use $analyticsProvider.withBase(true) instead of $analyticsProvider.withAutoBase(true) if you are using a <base> HTML tag.

angulartics2 - Vendor-agnostic analytics for Angular2 applications.

  •    TypeScript

Pass string literals or regular expressions to exclude routes from automatic pageview tracking. By default, it removes IDs matching this pattern (i.e. either all numeric or UUID): ^\d+$|^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$.

ThreatHunter-Playbook - A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns


A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns by leveraging Sysmon and Windows event logs. This project provides specific chains of events exclusively at the host level so that you can take them and develop logic to deploy queries or alerts in your preferred tool or format, such as Splunk, ELK, Sigma, Graylog etc. The repo follows the structure of the MITRE ATT&CK framework, which categorizes post-compromise adversary behavior into tactical groups. In addition, it provides information about hunting tools/platforms developed by the infosec community for testing and enterprise-wide hunting. Can't wait to see other hunters' pull requests with awesome ideas to detect advanced patterns of behavior. The more chains of events you contribute, the better this playbook will be for the community.

angle-grinder - Slice and dice log files on the command line

  •    Rust

Slice and dice log files on the command line. Angle-grinder allows you to parse, aggregate, sum, average, percentile, and sort your data. You can see it, live-updating, in your terminal. Angle grinder is designed for when, for whatever reason, you don't have your data in graphite/honeycomb/kibana/sumologic/splunk/etc. but still want to be able to do sophisticated analytics.

watchtower - Python CloudWatch Logging: Log Analytics and Application Intelligence

  •    Python

Watchtower is a log handler for Amazon Web Services CloudWatch Logs. CloudWatch Logs is a log management service built into AWS. It is conceptually similar to services like Splunk and Loggly, but is more lightweight, cheaper, and tightly integrated with the rest of AWS.

IronJacamar - Java Connector

  •    Java

IronJacamar is an implementation of the Java EE Connector Architecture 1.7 specification. Java EE Connector Architecture defines a contract for how so-called Enterprise Information Systems integrate with the Java Enterprise Edition Platform. Enterprise Information Systems include databases, messaging systems, and other servers/systems external to an application server.

mysql-connector-python - MySQL Connector/Python implements the MySQL Client/Server protocol completely in Python

  •    Python

MySQL Connector/Python implements the MySQL Client/Server protocol completely in Python. No MySQL libraries are needed, and no compilation is necessary to run this Python DB API v2.0 compliant driver. Documentation & Download: http://dev.mysql.com/doc/connector-python/en

ModSecurity-nginx - ModSecurity v3 Nginx Connector

  •    C

The ModSecurity-nginx connector is the connection point between Nginx and libmodsecurity (ModSecurity v3). Said another way, this project provides a communication channel between Nginx and libmodsecurity. This connector is required to use LibModSecurity with Nginx. The ModSecurity-nginx connector takes the form of an Nginx module. The module simply serves as a layer of communication between Nginx and ModSecurity.