Open Source Python SIEM Tools

OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich analytics dashboards and data visualization

Welcome to the Sigma main rule repository. The place where detection engineers, threat hunters and all defensive security practitioners collaborate on detection rules. The repository offers more than 3000 detection rules of different type and aims to make reliable detections accessible to all at no cost. Sigma is an open-source tool for defining generic detection rules for security event logs, enabling security professionals to detect threats across platforms.

Python script to get the last 5 minutes of accepted traffic logs via the trendmicro email security API and send them to a syslog server Script Python para obtener los ultimos 5 minutos de logs de trafico aceptado por medio de la API de trendmicro email security y enviarlos a un servidor de syslog Crontab */5 * * * * /usr/local/bin/python3.9 /home/user/tmes-syslog_0.02.py 2>&1 > /home/user/errores.txt ------------ # API documentation # Getting Started with Trend Micro Email Security APIs # https://docs.trendmicro.com/en-us/enterprise/trend-micro-email-security-rest-api-online-help/getting-started-with.aspx # Obtaining the API Key # https://docs.trendmicro.com/en-us/enterprise/trend-micro-email-security-rest-api-online-help/getting-started-with/obtaining-the-api-ke.aspx # List Mail Tracking Logs # https://docs.trendmicro.com/en-us/enterprise/trend-micro-email-security-rest-api-online-help/supported-apis/logs/list-mail-tracking-l.aspx

A C++ file security filter driver example implemented with EaseFilter File Security Filter Driver SDK. EaseFilter Comprehensive File Security SDK is a set of file system filter driver software development kit which includes file monitor filter driver, file access control filter driver, transparent file encryption filter driver, process filter driver and registry filter driver. In a single solution, EaseFilter Comprehensive File Security SDK encompasses file security, digital rights management, encryption, file monitoring, file auditing, file tracking, data loss prevention, process monitoring and protection, and system configuration protection. EaseFilter file system filter driver is a kernel-mode component that runs as part of the Windows executive above the file system. The EaseFilter file system filter driver can intercept requests targeted at a file system or another file system filter driver.

The EaseFilter File Control SDK is a powerful development toolkit for creating robust, kernel-level file security and data protection solutions on the Windows platform. It includes a high-performance file system filter driver that intercepts and manages all file I/O operations in real time, giving developers deep, granular control far beyond what is possible with standard Windows APIs or Access Control Lists (ACLs). The EaseFilter Control Filter Driver provides a powerful method for intercepting file I/O operations at both the pre-operation and post-operation stages. This dual-layered interception enables comprehensive monitoring and enforcement of file access policies.

The EaseFilter Process Filter Driver SDK is a kernel-mode development kit designed to help developers monitor and control Windows process and thread activities. By intercepting process and thread operations at the kernel level, it enables the development of robust security applications that can prevent unauthorized or malicious processes from executing. With the Process Filter Driver, it allows you to prevent the untrusted executable binaries (malwares) from being launched, protect your data being damaged by the untrusted processes. It also enables your application to get the callback notification for the process/thread creation or termination, from the new process information you can get the parent process Id and thread Id of the new created process, you also can get the exact file name that is used to open the executable file and the command line that is used to execute the process if it is available.

RedELK is a tracking and monitoring tool for Red Teams, providing insights into engagements and supporting real-time situational awareness for offensive operations.