.png)
S1EM solution is based on the principle of bringing together the best products in their field, free of charge, and making them quickly interoperable.
S1EM is a SIEM with SIRP and Threat Intel, a full packet capture, all in one.
Inside the solution:
- Cluster Elasticsearch
- Kibana
- Filebeat
- Logstash
- Metricbeat
- Heartbeat
- Auditbeat
- N8n
- Spiderfoot
- Syslog-ng
- Elastalert
- TheHive
- Cortex
- MISP
- OpenCTI
- Arkime
- Suricata
- Zeek
- StoQ
- Mwdb
- Traefik
- Clamav
- Codimd
- Watchtower
- Homer
Note: Cortex v3.1 use ELK connector and the OpenCTI v4 connector
Installation Guide
Prerequisites
Solution works with Linux, docker, and docker-compose.
For auditbeat, you must have Kernel in the version 5.
On Linux, you must have in the “/etc/sysctl.conf” the line:
vm.max_map_count=262144
Physical
You must have:
- 64 Go Ram
- More than 100 Go of HDD in SSD ( Very Important for SSD )
- 8 cpu
- 1 network for management
- 1 network for monitoring
Installation
log in to your system as « root »
git clone https://github.com/V1D1AN/S1EM.git
cd S1EM
After, run the command:
bash 01_deploy.sh
On Linux, add this entry in your /etc/hosts file to access to this solution ( change s1em.cyber.local with the hostname entered during installation ).
vi /etc/hosts
XXX.XXX.XXX.XXX s1em.cyber.local
On Windows, add this entry in your hosts file to access to this solution ( change s1em.cyber.local with the hostname entered during installation ).
notepad C:\Windows\System32\drivers\etc\hosts
XXX.XXX.XXX.XXX s1em.cyber.local
.png&description=S1EM solution is based on the principle of bringing together the best products in their field, free of charge, and making them interoperable.){kind=link}