3.3 KiB
███████╗██╗███████╗███╗ ███╗
██╔════╝██║██╔════╝████╗ ████║
███████╗██║█████╗ ██╔████╔██║
╚════██║██║██╔══╝ ██║╚██╔╝██║
███████║██║███████╗██║ ╚═╝ ██║
╚══════╝╚═╝╚══════╝╚═╝ ╚═╝
Full-stack SIEM dashboard with real-time log correlation and MITRE ATT&CK attack scenario simulation engine.
This is a quick overview — security theory, architecture, and full walkthroughs are in the learn modules.
What It Does
- Real-time log ingestion and event correlation with three rule types (Threshold, Sequence, Aggregation)
- Four YAML-based attack playbooks mapped to MITRE ATT&CK (brute force, DNS tunneling, phishing, privilege escalation)
- Server-Sent Events for live alert feed with paginated, filterable log viewer
- Alert lifecycle management (acknowledge, investigate, resolve, false positive)
- Attack simulation engine that generates realistic multi-stage security events
- Built with Just for task automation with full Docker Compose deployment
Quick Start
docker compose up -d
Visit http://localhost:8431 or the live demo at siem.carterperez-dev.com
[!TIP] This project uses
justas a command runner. Typejustto see all available commands.Install:
curl -sSf https://just.systems/install.sh | bash -s -- --to ~/.local/bin
Stack
Backend: Flask, MongoEngine, Redis Streams, Pydantic, Argon2, JWT, Gunicorn
Frontend: React 19, TypeScript, Vite, TanStack Query, Zustand, visx, SCSS Modules
Data: MongoDB 8, Redis 7
Learn
This project includes step-by-step learning materials covering security theory, architecture, and implementation.
| Module | Topic |
|---|---|
| 00 - Overview | Prerequisites and quick start |
| 01 - Concepts | Security theory and real-world breaches |
| 02 - Architecture | System design and data flow |
| 03 - Implementation | Code walkthrough |
| 04 - Challenges | Extension ideas and exercises |
License
AGPL 3.0