siemstress


Tool and Usage

Project details
License: MIT
Programming language: Python
Author: Dan Persons
Latest release: 0.8a0

Project health

Score: 60 (calculated from factors such as project age and date of the last release)

Why this tool?

Siemstress is a lightweight security information and event management (SIEM) system. It uses a MariaDB database as its backend and a set of command-line tools to import, query and manage the stored events.

How it works

Siemstress collects log data from sources such as syslog, parses it into fields and stores it in a SQL database, where it can be queried with filters and checked against rules.
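To make the collect-parse-store step concrete, here is an added, self-contained example (not code from the siemstress project). It parses constructed BSD syslog lines into the kind of fields the query tools below filter on (source host, process, PID, message), normalises the timestamp to UTC from an offset string in the same '+0500' style as siemparse's -z option, and stores the result in an in-memory SQLite table. The table layout, the regular expression and the interpretation of the offset as the log source's zone relative to UTC are assumptions of this example, not siemstress's actual schema or behaviour.

```python
import re
import sqlite3
from datetime import datetime, timedelta, timezone

# Constructed sample input in BSD syslog (RFC 3164) layout; not real log data.
SAMPLE_LINES = [
    "Mar  5 10:22:31 web01 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
    "Mar  5 10:22:35 web01 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2",
    "Mar  5 10:23:02 db01 cron[877]: (root) CMD (/usr/local/bin/backup.sh)",
    "this line is not syslog and must be rejected, not imported",
]

# Header layout: "Mmm dd HH:MM:SS host process[pid]: message". The pid is optional.
SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+(?P<proc>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:\s(?P<msg>.*)$"
)


def parse_offset(tz: str) -> timezone:
    """Turn an offset string such as '+0500' or '-0130' into a tzinfo.
    Assumption: the offset describes the log source's zone relative to UTC."""
    m = re.fullmatch(r"([+-])(\d{2})(\d{2})", tz)
    if not m:
        raise ValueError(f"bad UTC offset: {tz!r}")
    sign = 1 if m.group(1) == "+" else -1
    return timezone(sign * timedelta(hours=int(m.group(2)), minutes=int(m.group(3))))


def parse_line(line: str, year: int, tz: str = "+0000"):
    """Return a dict of fields, or None when the line is not BSD syslog.
    The syslog timestamp carries neither year nor zone, so the caller supplies
    both, and the stored timestamp is normalised to UTC."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    local = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    utc = local.replace(tzinfo=parse_offset(tz)).astimezone(timezone.utc)
    return {
        "ts_utc": utc.strftime("%Y-%m-%d %H:%M:%S"),
        "source_host": m["host"],
        "process": m["proc"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "message": m["msg"],
    }


def import_lines(lines, year: int, tz: str = "+0000"):
    """Parse every line and store the ones that parse in an in-memory SQLite table
    (assumed layout, standing in for siemstress's MariaDB table).
    Returns (connection, imported_count, rejected_count)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE events (id INTEGER PRIMARY KEY, ts_utc TEXT NOT NULL, source_host TEXT, "
        "process TEXT, pid INTEGER, message TEXT NOT NULL, raw TEXT NOT NULL)"
    )
    imported = rejected = 0
    for line in lines:
        ev = parse_line(line, year, tz)
        if ev is None:
            rejected += 1  # counted only; a real collector should log rejected lines
            continue
        conn.execute(
            "INSERT INTO events (ts_utc, source_host, process, pid, message, raw) VALUES (?, ?, ?, ?, ?, ?)",
            (ev["ts_utc"], ev["source_host"], ev["process"], ev["pid"], ev["message"], line),
        )
        imported += 1
    conn.commit()
    return conn, imported, rejected


if __name__ == "__main__":
    conn, ok, bad = import_lines(SAMPLE_LINES, year=2024, tz="+0500")
    print(f"imported {ok}, rejected {bad}")
    for row in conn.execute("SELECT ts_utc, source_host, process, pid, message FROM events"):
        print(row)
```

Two details matter in practice: the raw line is kept next to the parsed fields so that a parser bug can be corrected later without losing evidence, and lines that do not parse are counted rather than silently dropped, since a sudden rise in rejects usually means a log format changed or an attacker is writing malformed lines.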

Usage and audience

Siemstress is used for security event management. Its target users are security professionals and system administrators.

Features

  • Command line interface

Example usage and output

usage: siemparse [-h] [--version] [-c CONFIG] [-s SECTION] [-z TZONE] [file]

Parse log data and import it into Siemstress

positional arguments:
  file                  set a file to follow

optional arguments:
  -h, --help            show this help message and exit
  --version             show program's version number and exit
  -c CONFIG             set the config file
  -s SECTION            set the config section
  -z TZONE              set the offset to UTC (e.g. '+0500')

usage: siemquery [-h] [--version] [other-options]

Query the database using filters

optional arguments:
  -h, --help            show this help message and exit
  --version             show program's version number and exit
  -c CONFIG             set the config file
  -s SECTION            set the config section
  --verbose             print SQL statement used for query
  --silent              silence table output to terminal
  --rule                set rule query mode
  --json FILE           set a JSON output file

query options:
  --table TABLE         set a table to query
  --last LAST           match a preceding time range (5m, 24h, etc)
  --range START-FINISH  match a date range (format: YYmmddHHMMSS)
  --id ID               match an event ID
  --shost HOST          match a source host
  --sport PORT          match a source port
  --dhost HOST          match a destination host
  --dport PORT          match a destination port
  --process PROCESS     match a source process
  --pid PID             match a source Process ID
  --protocol PROTOCOL   match a protocol
  --grep PATTERN        match a pattern
  --rshost HOST         filter out a source host
  --rsport PORT         filter out a source port
  --rdhost HOST         filter out a destination host
  --rdport PORT         filter out a destination port
  --rprocess PROCESS    filter out a source process
  --rpid PID            filter out a source Process ID
  --rprotocol PROTOCOL  filter out a protocol
  --rgrep PATTERN       filter out a pattern

usage: siemtrigger [-h] [--version] [-c CONFIG] [--table TABLE] [--oneshot]

siemtrigger can trigger an event based on database analysis

optional arguments:
  -h, --help            show this help message and exit
  --version             show program's version number and exit
  -c CONFIG             set the config file
  --table TABLE         set a rule table
  --oneshot             check database once and exit
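The siemquery filters and the siemtrigger rule check above both reduce to one operation: turn a set of match/filter-out options into a database query, and for a rule, compare the hit count in a time window against a threshold. The following added example (not siemstress's own code) shows that translation against an in-memory SQLite table with constructed events. The table layout, the fixed "now", the rule format (filter plus threshold) and the reading of YYmmddHHMMSS as a two-digit year are assumptions of this example. The security-relevant point is that option values such as --grep or --shost are only ever bound as parameters, so the SQL statement that --verbose would print never contains user-controlled text.

```python
import re
import sqlite3
from datetime import datetime, timedelta

# Assumed table layout for this example; siemstress's real MariaDB schema may differ.
SCHEMA = (
    "CREATE TABLE events (id INTEGER PRIMARY KEY, ts_utc TEXT NOT NULL, "
    "source_host TEXT, source_port INTEGER, dest_host TEXT, dest_port INTEGER, "
    "process TEXT, pid INTEGER, protocol TEXT, message TEXT NOT NULL)"
)

# Constructed sample events (not real data). ts_utc is 'YYYY-mm-dd HH:MM:SS' so that
# plain string comparison orders it correctly.
SAMPLE_EVENTS = [
    ("2024-03-05 05:22:31", "web01", 51234, "web01", 22, "sshd", 1234, "tcp",
     "Failed password for invalid user admin from 203.0.113.5"),
    ("2024-03-05 05:22:35", "web01", 51236, "web01", 22, "sshd", 1234, "tcp",
     "Failed password for invalid user admin from 203.0.113.5"),
    ("2024-03-05 05:22:40", "web01", 51238, "web01", 22, "sshd", 1234, "tcp",
     "Failed password for root from 203.0.113.5"),
    ("2024-03-05 05:23:02", "db01", None, None, None, "cron", 877, None,
     "(root) CMD (/usr/local/bin/backup.sh)"),
    ("2024-03-04 05:00:00", "web01", 40000, "web01", 22, "sshd", 1100, "tcp",
     "Failed password for root from 198.51.100.7"),
]

# Fixed "now" so the --last window is reproducible: the sshd events are minutes old.
NOW = datetime(2024, 3, 5, 5, 25, 0)

# Option name -> column for the equality filters; the r-prefixed option negates each.
EQUALITY_FILTERS = (("shost", "source_host"), ("sport", "source_port"), ("dhost", "dest_host"),
                    ("dport", "dest_port"), ("process", "process"), ("pid", "pid"),
                    ("protocol", "protocol"))
UNITS = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days"}


def load_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO events (ts_utc, source_host, source_port, dest_host, dest_port, "
                     "process, pid, protocol, message) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)", SAMPLE_EVENTS)
    return conn


def parse_last(spec: str) -> timedelta:
    """'5m', '24h', '7d' -> timedelta, the --last style of time window."""
    m = re.fullmatch(r"(\d+)([smhd])", spec)
    if not m:
        raise ValueError(f"bad --last value: {spec!r}")
    return timedelta(**{UNITS[m.group(2)]: int(m.group(1))})


def build_query(filters: dict, now: datetime = NOW):
    """Translate siemquery-style options into SQL text plus bound parameters.
    Column names come only from the fixed tables above; every user-supplied value is
    bound with '?', so a --grep of "' OR 1=1 --" is matched literally, never executed."""
    where, params = [], []
    if "last" in filters:
        where.append("ts_utc >= ?")
        params.append((now - parse_last(filters["last"])).strftime("%Y-%m-%d %H:%M:%S"))
    if "range" in filters:  # START-FINISH, each YYmmddHHMMSS
        for bound, op in zip(filters["range"].split("-", 1), (">=", "<=")):
            where.append(f"ts_utc {op} ?")
            params.append(datetime.strptime(bound, "%y%m%d%H%M%S").strftime("%Y-%m-%d %H:%M:%S"))
    for opt, col in EQUALITY_FILTERS:
        if opt in filters:
            where.append(f"{col} = ?")
            params.append(filters[opt])
        if "r" + opt in filters:  # "filter out": keep rows that differ or have no value
            where.append(f"({col} IS NULL OR {col} != ?)")
            params.append(filters["r" + opt])
    if "grep" in filters:
        where.append("message LIKE ?")
        params.append(f"%{filters['grep']}%")
    if "rgrep" in filters:
        where.append("message NOT LIKE ?")
        params.append(f"%{filters['rgrep']}%")
    sql = "SELECT id, ts_utc, source_host, process, message FROM events"
    if where:
        sql += " WHERE " + " AND ".join(where)
    return sql + " ORDER BY ts_utc", params


def run_query(conn, filters, now=NOW, verbose=False):
    sql, params = build_query(filters, now)
    if verbose:  # --verbose behaviour: show the statement actually sent to the database
        print(sql, params)
    return conn.execute(sql, params).fetchall()


def check_rule(conn, filters, threshold, now=NOW):
    """One siemtrigger-style --oneshot pass: a rule is a saved filter plus a threshold,
    and it fires when the filtered event count in the window reaches the threshold."""
    hits = run_query(conn, filters, now)
    return len(hits) >= threshold, len(hits)


if __name__ == "__main__":
    db = load_sample_db()
    ssh_failures = {"last": "5m", "process": "sshd", "grep": "Failed password"}
    fired, count = check_rule(db, ssh_failures, threshold=3)
    print(f"rule fired={fired} with {count} matching events")
    for row in run_query(db, {**ssh_failures, "rgrep": "invalid user"}, verbose=True):
        print(row)
```

Note the treatment of the filter-out options: a NULL column is kept, because "not from host X" should still return events that carry no host at all. A condition written as plain `col != ?` would drop those rows silently and hide exactly the events a rule is least likely to have anticipated.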

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + Very low number of dependencies
  • + The source code of this software is available

Author and Maintainers

Siemstress is under development by Dan Persons.

Installation

Supported operating systems

Siemstress is known to work on Linux.

siemstress alternatives

Similar tools to siemstress:


Cyphon

Cyphon is an incident management and response platform to deal with incoming alerts and messages. It is multi-purpose and can be used for information security.


TheHive

TheHive is a platform to deal with security incidents. It helps CSIRTs, CERTs, and SOCs to deal with the available data and decrease the amount of manual analysis.


Related tool information

Categories

This tool is categorized as a security event management tool and SIEM tool.