Skip to content
/ S1EM Public

This project is a SIEM with SIRP and Threat Intel, all in one.


Notifications You must be signed in to change notification settings


Repository files navigation



Today, cyber attacks are more numerous and cause damage in companies. Nevertheless, many software products exist to detect cyber threats. The S1EM solution is based on the principle of bringing together the best products in their field, free of charge, and making them quickly interoperable.

S1EM is a SIEM with SIRP and Threat Intel, a full packet capture, all in one.

Inside the solution:

  • Elasticsearch ( 1 node or Cluster )
  • Kibana
  • Filebeat
  • Logstash
  • Metricbeat
  • Heartbeat
  • Auditbeat
  • Fleet
  • N8n
  • Zircolite
  • Velociraptor
  • Spiderfoot
  • Syslog-ng
  • Elastalert
  • TheHive
  • Cortex ( With Mwdb, Capa, Yara, FileInfo, AssemblyLine )
  • MISP
  • OpenCTI
  • Arkime
  • Suricata
  • Zeek
  • Mwdb
  • Traefik
  • Codimd
  • Watchtower
  • Homer



Try S1EM

For EVTX File, you can try S1EM (Zircolite) with EVTX-ATTACK-SAMPLES.
For Pcap File, you can try S1EM (Suricata/Zeek/Mwdb) with MALWARE-TRAFFIC-ANALYSIS.


The serveur discord of S1EM :


Related project

Special thanks

En français cette fois.
Merci à mes amis et collègues qui m´ont inspiré toutes ces années, qui m´ont aidé, et corrigé des bugs. Je pense à Kidrek, Juju, mlp1515, Wagga40, Xophidia, StevenDias33, Frak113, HiPizzaa,et tous ceux qui n´ont pas forcement de compte github.
Merci à vous :)

Liens github:

Special thanks in english

Thanks to @Mcdave2k1 for your pull requests


If this project help you reduce time to develop, you can give me a cup of coffee :)