Siembol
An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced security analytics framework.
Status: Archived
Warning: This project is no longer maintained. Feel free to fork and make your own changes if needed.
Siembol provides a scalable, advanced security analytics framework based on open-source big data technologies. Siembol normalizes, enriches, and alerts on data from various sources, which allows security teams to respond to attacks before they become incidents.
Introduction
Siembol is an open-source, real-time security information and event management tool developed in-house at G-Research.
Siembol's use cases:
- SIEM Log Collection Using Open Source Technologies
Siembol can be used to centralize both the collection of security data and the monitoring of logs from different sources.
- Detection of Leaks and Attacks on Infrastructure
Siembol can be used as a tool for detecting attacks or leaks by teams responsible for the system platform.
For a more extensive introduction, visit: Introduction.
Installation
To install locally, visit: Quickstart Guide.
How to contribute
If you wish to contribute to Siembol, first read: Contribution Guide.
Code of Conduct
G-Research has adopted a Code of Conduct that is to be honored by everyone who participates in the Siembol community, formally or informally. Please read the full text: Code of Conduct.
All notable changes to this project are documented in this file: CHANGELOG
Siembol UI
To learn more about Siembol's UI, visit: Siembol UI.
There you will find guides on:
- Adding a new configuration
- Submitting configurations
- Importing a sigma rule
- Releasing configurations
- Testing configurations
- Testing release
- Adding links to the homepage
- Setting up OAUTH2 OIDC
- Modifying the layout
- Managing applications
- Use ui-bootstrap file
- Filter configs and save searches
Services
To explore Siembol's services, visit: Siembol services.
There you will find guides on:
- Setting up a service in the config editor rest
- Alerting service
- Parsing service
- Enrichment service
- Response service
Deployment
To deploy Siembol, refer to: Siembol deployment.
There you will find guides on:
