A complete, code-forward blueprint for a Linux/cloud **detection and response** pipeline — from shipping raw logs all the way to ranked, correlated incidents. This is not a vendor brochure: it is the
Browse the actual product documentation and code examples included in this toolkit.
Key features of Security Monitoring Setup
• **A real ingestion pipeline:** annotated `filebeat.yml` and a Logstash pipeline • **High-signal detections:** five **Sigma** rules (SSH brute force→success, web • **Syscall auditing:** a curated `auditd/audit.rules` watching the files, • **Correlation that thinks in attack chains:** a documented correlation model • **Alerting + visualization:** Prometheus rules for pipeline health and signal • **Hunting + response:** eight threat-hunting queries (KQL/DSL/SPL), a MITRE
**A real ingestion pipeline:** annotated `filebeat.yml` and a Logstash pipeline
**High-signal detections:** five **Sigma** rules (SSH brute force→success, web
**Syscall auditing:** a curated `auditd/audit.rules` watching the files,
**Correlation that thinks in attack chains:** a documented correlation model
**Alerting + visualization:** Prometheus rules for pipeline health and signal
**Hunting + response:** eight threat-hunting queries (KQL/DSL/SPL), a MITRE
Configure Security Monitoring Setup parameters to see how the product works.
# 1. Try the correlation engine right now — no infrastructure required. # It ships with a sample that contains two real attack chains: python3 scripts/log_triage.py -i examples/sample-findings.ndjson # 2. Re-score treating a host as a crown jewel (watch Chain A escalate to PAGE): python3 scripts