streamalert
Log analyzer
An automated log analysis and alerting system for real-time threat detection and incident response.
StreamAlert is a serverless, real-time data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using data sources and alerting logic you define.
3k stars
101 watching
332 forks
Language: Python
last commit: about 1 year ago
Linked from 5 awesome lists
Tags: analysis, aws, kinesis, lambda, rules, security, serverless, terraform
Related projects:
Repository | Description | Stars |
---|---|---|
airbnb/binaryalert | Real-time malware detection and alert system for AWS S3 files | 1,409 |
eldy/awstats | Analyzer software for web server log files | 378 |
evilsocket/takuan | A system service that analyzes logs to identify malicious activity and maintains a blacklist of known cyber offenders. | 84 |
airbus-cert/timeliner | A tool for filtering and analyzing Windows event logs based on complex time-based conditions | 36 |
duo-labs/cloudtracker | A tool to analyze CloudTrail logs and identify over-privileged IAM users and roles in AWS accounts. | 887 |
esrlabs/chipmunk | A tool for analyzing and searching logfiles in large files | 566 |
googlecloudplatform/security-analytics | Provides a set of community-driven security analytics queries and rules for Google Cloud log analysis | 325 |
reed1713/elat | A toolset for analyzing Windows event logs to detect and analyze malware | 29 |
cookpad/deepalert | An automated security alert response framework with automatic inspection and evaluation | 43 |
jensvoid/lorg | A tool to analyze and detect security incidents in web application logs | 209 |
jpcertcc/toolanalysisresultsheet | An HTML-based tool for analyzing and visualizing log data from Windows execution of malicious tools to detect lateral movement. | 345 |
carlospolop/cloudtrail2iam | Analyzes AWS CloudTrail logs to extract and summarize actions taken by users or roles | 16 |
webpod/red | An analysis tool for monitoring server logs in real-time. | 1,475 |
quarkslab/irma | An asynchronous analysis system for suspicious files | 269 |
stephenplusplus/stream-events | Provides an event-driven way to detect when data is being sent or requested from a stream. | 7 |