S1EM solution is based on the principle of bringing together the best products in their field, free of charge, and making them quickly interoperable.

S1EM is a SIEM with SIRP and Threat Intel, a full packet capture, all in one.

Inside the solution:

  • Cluster Elasticsearch
  • Kibana
  • Filebeat
  • Logstash
  • Metricbeat
  • Heartbeat
  • Auditbeat
  • N8n
  • Spiderfoot
  • Syslog-ng
  • Elastalert
  • TheHive
  • Cortex
  • MISP
  • OpenCTI
  • Arkime
  • Suricata
  • Zeek
  • StoQ
  • Mwdb
  • Traefik
  • Clamav
  • Codimd
  • Watchtower
  • Homer

Note: Cortex v3.1 use ELK connector and the OpenCTI v4 connector

Installation Guide

Prerequisites

Solution works with Linux, docker, and docker-compose.
For auditbeat, you must have Kernel in the version 5.

On Linux, you must have in the “/etc/sysctl.conf” the line:

vm.max_map_count=262144

Physical

You must have:

  • 64 Go Ram
  • More than 100 Go of HDD in SSD ( Very Important for SSD )
  • 8 cpu
  • 1 network for management
  • 1 network for monitoring

Installation

log in to your system as « root »

git clone https://github.com/V1D1AN/S1EM.git
cd S1EM

After, run the command:

bash 01_deploy.sh

On Linux, add this entry in your /etc/hosts file to access to this solution ( change s1em.cyber.local with the hostname entered during installation ).

vi /etc/hosts
XXX.XXX.XXX.XXX s1em.cyber.local

On Windows, add this entry in your hosts file to access to this solution ( change s1em.cyber.local with the hostname entered during installation ).

notepad C:\Windows\System32\drivers\etc\hosts
XXX.XXX.XXX.XXX s1em.cyber.local

Download

RELATED ARTICLESMORE FROM AUTHOR

LEAVE A REPLY

Please enter your comment!
Please enter your name here