1 unstable release
| 0.1.0 | Jul 23, 2023 |
|---|
#13 in #siem
21 downloads per month
115KB
2.5K
SLoC
uSIEM Utils
Enrichers
- BasicIPEnricher: Enrich all IP fields. Checks if the IP is in the block list, adds mac and hostname information to the IP.
- CloudProviderEnricher: Adds cloud provider information like Google, Azure or AWS to each IP field
- CloudServiceEnricher: Adds cloud service information like O365 to each IP field
- GeoIpEnricher: Adds geo ip information to each IP field
Tasks
- CloudProvider: Update cloud provider dataset with AWS and Azure
- CloudService: Update cloud service dataset with O365 IPs
- GeoIp: Update geo ip dataset with maxmind. Needs
MAXMIND_APIsecret in the Secrets dataset.
Slow GeoIP
Enable the SlowGeoIP datasets using the feature slow_geoip.
Async Runtime
This crate uses Tokio and reqwest.
Dependencies
~15–32MB
~456K SLoC