S1EM v31102022 releases: SIEM with SIRP and Threat Intel


S1EM – a SIEM with SIRP and Threat Intel, all in one

Today, cyber-attacks are more numerous than ever and cause real damage to companies. Many software products exist to detect cyber threats, but they are rarely designed to work together. The S1EM solution is based on a simple principle: bring together the best free products in their field and make them interoperable quickly.

S1EM is a SIEM with SIRP, Threat Intel and full packet capture, all in one.

Inside the solution:

  • Elasticsearch cluster
  • Kibana
  • Filebeat
  • Logstash
  • Metricbeat
  • Heartbeat
  • Auditbeat
  • Syslog-ng
  • Elastalert
  • TheHive
  • Cortex
  • MISP
  • OpenCTI
  • Arkime
  • Suricata
  • Zeek
  • StoQ
  • Mwdb
  • Heimdall
  • Traefik
  • Clamav
  • Watchtower

Note: Cortex v3.1 uses the ELK connector and the OpenCTI v4 connector.

The architecture of access: [diagram not reproduced]

The architecture of logcollector:

Beats: [diagram not reproduced]

Syslog: [diagram not reproduced]

The architecture of network capture:

Architecture with Suricata and Arkime: [diagram not reproduced]

Architecture with Zeek: [diagram not reproduced]

The architecture of detection: [diagram not reproduced]

The architecture of osquery: [diagram not reproduced]

Changelog v31102022

  • Add the PR from mcdave2k1
  • Update the configuration of MISP

Install & Use