An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced security analytics framework.

Siembol

Black Hat Arsenal

Siembol provides a scalable, advanced security analytics framework based on open-source big data technologies. Siembol normalizes, enriches, and alerts on data from various sources, which allows security teams to respond to attacks before they become incidents.

  • Introduction
    • How to try Siembol
    • How to contribute
  • Siembol UI
    • Adding a new configuration
    • Submitting configurations
    • Importing a sigma rule
    • Releasing configurations
    • Testing configurations
    • Testing release
    • Adding links to the homepage
    • Setting up OAUTH2 OIDC
    • Modifying the layout
    • Managing applications
    • Use ui-bootstrap file
    • Filter configs and save searches
  • Siembol services
    • Setting up a service in the config editor rest
    • Alerting service
    • Parsing service
      • How to setup NetFlow v9 parsing
    • Enrichment service
      • Setting up an enrichment table
    • Response service
      • Writing a response plugin
  • Siembol deployment
    • Setting up ZooKeeper nodes
    • Setting up a GitHub webhook
    • Tuning the performance of Storm topologies
    • Setting up Kerberos for external dependencies
    • Customize Helm chart