Lib.rs

Parser implementations
#siem #logs #security

usiem-utils

A framework for building custom SIEMs

by Samuel Garcés Marín

1 unstable release

0.1.0 Jul 23, 2023

#18 in #siem

MIT license

115KB
2.5K SLoC

uSIEM Utils

Documentation crates.io workflow

Enrichers

  • BasicIPEnricher: Enrich all IP fields. Checks if the IP is in the block list, adds mac and hostname information to the IP.
  • CloudProviderEnricher: Adds cloud provider information like Google, Azure or AWS to each IP field
  • CloudServiceEnricher: Adds cloud service information like O365 to each IP field
  • GeoIpEnricher: Adds geo ip information to each IP field

Tasks

  • CloudProvider: Update cloud provider dataset with AWS and Azure
  • CloudService: Update cloud service dataset with O365 IPs
  • GeoIp: Update geo ip dataset with maxmind. Needs MAXMIND_API secret in the Secrets dataset.

Slow GeoIP

Enable the SlowGeoIP datasets using the feature slow_geoip.

Async Runtime

This crate uses Tokio and reqwest.

Dependencies

~16–29MB
~428K SLoC