S1EM v31102022 releases: SIEM with SIRP and Threat Intel

S1EM – a SIEM with SIRP and Threat Intel, all in one

Today, cyber-attacks are more numerous and cause damage to companies. Nevertheless, many software products exist to detect cyber threats. The S1EM solution is based on the principle of bringing together the best products in their field, free of charge, and making them quickly interoperable.

S1EM is a SIEM with SIRP and Threat Intel, a full packet capture, all in one.

Inside the solution:

• Cluster Elasticsearch
• Kibana
• Filebeat
• Logstash
• Metricbeat
• Heartbeat
• Auditbeat
• Syslog-ng
• Elastalert
• TheHive
• Cortex
• MISP
• OpenCTI
• Arkime
• Suricata
• Zeek
• StoQ
• Mwdb
• Heimdall
• Traefik
• Clamav
• Watchtower

Note: Cortex v3.1 use ELK connector and the OpenCTI v4 connector

The architecture of access:

The architecture of logcollector:

Beats:

Syslog:

The architecture of network capture:

Architecture with Suricata with Arkime:

Architecture with Zeek:

The architecture of detection:

The architecture of osquery:

Changelog v31102022

• Add PR of mcdave2k1
• Update the configuration of MISP

Install & Use