SIEM Tactics, Techiques, and Procedures
Alternatives To Siem
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Trivy19,40756a day ago204November 06, 2023198apache-2.0Go
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Nuclei15,50210a day ago381September 16, 2023195mitGo
Fast and customizable vulnerability scanner based on simple YAML based DSL.
24 days ago61April 21, 2021169otherGo
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
Trufflehog12,756664 days ago42April 28, 2021188agpl-3.0Go
Find and verify credentials
14 days ago108otherPython
Exploitation Framework for Embedded Devices
Rustscan11,14813 months ago18November 07, 2022128gpl-3.0Rust
🤖 The Modern Port Scanner 🤖
6 days ago8October 03, 202260Python
Web path scanner
Awesome Security10,497
18 days ago16mit
A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
3 days ago162November 20, 202379gpl-3.0Go
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Tsunami Security Scanner7,94042 months ago18July 25, 202341apache-2.0Java
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
Alternatives To Siem
Select To Compare

Alternative Project Comparisons

These resources are intended to guide a SIEM team to...

  • ... develop a workflow for content creation (and retirement) in the SIEM and other security tools.
  • ... illustrate detection coverage provided and highlight coverage gaps as goals to fill.
  • ... eliminate or add additional layers of coverage based on organizational needs.
  • Ensure proper logs are generated and recorded for sufficient detection, investigation, and compliance.

Preparation, Prerequisites, etc.

Without covering the basics, there isn't much point in having a SIEM. Harden your environment and configure appropriate auditing on all endpoints.


Detection Tactics

To detect an attacker, one must be equipped with the necessary logs to reveal their activities. Here we use a matrix to map detection tactics to attacker tactics (Mitre ATT&CK).

Detection Methods

Once necessary logs are collected (detection tactics), use various methods to reveal anomalous, suspicious, and malicious activity.

Detection Use Cases

Use Cases provide a means to document solutions for many reasons including tracking work, uniform response, content recreation, metrics & reporting, making informed decisions, avoiding work duplication, and more.

Data Enrichment

These efforts can provide significant benefits to some ingested logs. Typically enrichment will result in either adding a new field to events or a lookup table for use in filtering or filling in a field.


Set up a lab with a Windows system, a SIEM, and an attacking system to aid in detection research and development.


  • [ ] Add Use Case Examples
  • [ ] Add Threat Hunts Library
  • [ ] Add an object oriented, relational database approach to recording and associating all elements to one another - cases, adversaries, techniques, mitigations, detections, hunts, log sources, etc.
Popular Security Projects
Popular Scanner Projects
Popular Security Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Code Coverage
Threat Hunting