SIEMEz is a truly free security solution that allows anyone the ability to deploy their own Security Incident and Event Management System. SIEMEz allows for the ingestion of Syslog content which can then be searched and analysed. The aim of the project is to allow for easy integration of DevOps, Machine Learning and Advanced Automation.
While there are several SIEM solutions available, many require enterprise licensing to utilise effectively. The annoyance of enterprise licensing for user management, or even dashboarding and the lack of further integration of other areas of computing has led to the creation of this project. Security for hobbyists, small- medium, and large businesses should not be held ransom to enterprise licensing.
Build status from TravisCI
For all documentation regarding SIEMEz, please navigate to the Wiki.
This project follows the standard styling of PEP8
The core of SIEMEz is the Django framework, with its maturity in the web development world, coupled with the flexibility of Python, allows anyone to extend SIEMEz. In addition, the pipenv virtual environment is used along with Docker for the ability to deploy quickly, seamlessly and efficiently.
Overall the project utilises five main components:
- Django Web and Rest Framework
- Pipenv
- Docker
- Python
- RSyslog
The TravisCI also allows for extensions to allow for DevSecOps extensions, see .travis.yml
SIEMEz allows for the quick deployment and integration of log files to allow for quick security analysis but also extending to the easy integration of machine learning models.
This project is ment to be flexible and easy to integrate but allowing others to use and adapt to their needs. While this is the case, any changes to the project should be open and discussed to better the security community.
To help out with SIEMEz contact me at: contribute_siemez@exit.wtf
Follow me on Twitter
