- JavaScript 71.1%
- EJS 15.4%
- TypeScript 5.5%
- CSS 4.2%
- Python 1.8%
- Other 2%
| admin | ||
| api | ||
| auto | ||
| ci | ||
| core | ||
| docs | ||
| dump | ||
| fluentd | ||
| guard | ||
| images | ||
| log | ||
| pipe | ||
| server | ||
| serverless | ||
| .gitignore | ||
| compose.yml | ||
| LICENSE | ||
| log.sh | ||
| README.md | ||
| run.sh | ||
| SECURITY.md | ||
| setup.sh | ||
| sol.sh | ||
| TODO.md | ||
SEIM
SEIM is a custom log monitoring and analysis solution that is built using Docker, It allows visualizing data from multiple sources and generate PDF reports to be shared. It is based on my research done on SIEM platforms like wazuh and Splunk. It can also connect to different AI models to detect threats in real time. SEIM can be used to detect DDOS and DOS attacks on a site and provide an incident report of the following.
Note
This repository only contains the architecture and the analysis code for the platform, not the code related to AI model. The model and its functionality are exposed using an API endpoint. The best_model.pkl file is the model for the detection is not included in this git repo, but it can be download for this Drive
Model
The Model for the detection can be download here and should be placed in the guard directory
Deployment
To deploy this project run
bash setup.sh
OR
chmod +X setup.sh \
./setup.sh
Usage/Examples
Visit localhost to view the demo site and visit admin.localhost to get access to the admin panel after running the start-up script, to view live analytics and alerts about attacks happening on the demo site.
To Stop the project run the setup script with the stop argument ./setup.sh stop
🔹 Docker Compose OverView
🔹 User Data Workflow
