LogESP

Open Source SIEM (Security Information and Event Management system).

Introduction

A SIEM (Security Information and Event Management system) written in Python on the Django framework. It provides a web frontend and covers log management and forensics, incident response, risk management, and asset management.


Design Principles


Security

  • Built on the Python Django framework
  • No client-side scripting: the web frontend uses no JavaScript, which keeps the browser-side attack surface (and exposure to cross-site scripting) small
  • Minimal installation requirements, so there are few dependencies to audit and patch

NIST guidelines

  • Risk assessment follows NIST guidelines
  • The incident response and forensics apps support NIST guidelines

Simplicity

  • Designed to be simple: easy to understand, use, maintain, and extend
  • Embraces the Unix design philosophy

Applications


  • SIEM: Security Information and Event Management
  • Assets: Asset Management
  • Risk: Risk Management

SIEM Documentation


  • Parsing
    • Parse Daemon
    • Event Parsing
      • Parsers
      • Parse Helpers
    • Configuration
  • Rules
    • Sentry Daemon
    • Limit Rules
      • Rule vs. Log Events
      • Filters
      • Match Lists
      • Reverse Matching
      • Magnitude Calculation
  • Events
    • Anatomy of a Log Event
    • Anatomy of a Rule Event

Daemons



Regex Tips





