S1EM solution is based on the principle of bringing together the best products in their field, free of charge, and making them quickly interoperable.
S1EM is a SIEM with SIRP and Threat Intel, a full packet capture, all in one.
Inside the solution:
Note: Cortex v3.1 use ELK connector and the OpenCTI v4 connector
Solution works with Linux, docker, and docker-compose.
For auditbeat, you must have Kernel in the version 5.
On Linux, you must have in the “/etc/sysctl.conf” the line:
vm.max_map_count=262144
You must have:
log in to your system as « root »
git clone https://github.com/V1D1AN/S1EM.git
cd S1EM
After, run the command:
bash 01_deploy.sh
On Linux, add this entry in your /etc/hosts file to access to this solution ( change s1em.cyber.local with the hostname entered during installation ).
vi /etc/hosts
XXX.XXX.XXX.XXX s1em.cyber.local
On Windows, add this entry in your hosts file to access to this solution ( change s1em.cyber.local with the hostname entered during installation ).
notepad C:\Windows\System32\drivers\etc\hosts
XXX.XXX.XXX.XXX s1em.cyber.local
Apache Tomcat is an open-source Java application server that implements the Java Servlet, JavaServer Pages, and…
Setting the correct timezone on your Ubuntu machine is more important than it sounds. Your…
PrestaShop is a free, open-source e-commerce platform built with PHP and MySQL. It comes with a…
SSH keys give you a more secure and convenient way to connect to remote servers. Instead…
FFmpeg is a free, open-source command-line tool for working with multimedia files. It can convert video…
Nginx server blocks let you run more than one website on a single server. Each block…