What is easySIEM?

easySIEM is a SQL-based security analytics and log management platform. It is powered by Open Distro for Elasticsearch and osquery.

Features / Multiple Use Cases

  1. Security Analytics and Monitoring

  2. Log Management - Ingest logs from anywhere

  3. Multi-Agent support - Osquery, Rsyslog, Suricata, or Bring Your Own Agent/Source.

  4. Dashboards for visualizations.

  5. Endpoint Security

    1. Laptop Security - User Focused Security for Mac, Windows, and Linux Machines.

    2. Server Security - Host/Network Intrusion Detection and Prevention.

  6. Simple and Rule-based Advanced Search.

  7. Incident Management - Ticketing, Comments, etc.

  8. File Integrity/Access monitoring

  9. Threat Hunting - MITRE ATT&CK pack included, YARA scanning capabilities via osquery.

  10. Live Query to the fleet.

  11. Active Response - Kill process, Isolate machines from the network, Activate firewall rules, or write your own rule for Responses.

  12. Configurable and Predefined Alerts.

  13. Automated Vulnerability Assessment and Penetration Testing

    1. Network/Infrastructure Scanning - Nmap, OpenVAS (on a scheduled basis).

    2. Web Application Scanning - OWASP ZAP Authenticated Scans.

  14. User Management - Role-Based (Staff, Non-Staff) with 2FA Authentication.

  15. Add-ons - Kibana plugin; host your data in your own datacenter.