usiem-utils
| Crates.io | usiem-utils |
| lib.rs | usiem-utils |
| version | 0.1.0 |
| created_at | 2023-07-23 22:33:54.321017+00 |
| updated_at | 2023-07-23 22:33:54.321017+00 |
| description | A framework for building custom SIEMs |
| homepage | |
| repository | https://github.com/u-siem/usiem-utils |
| max_upload_size | |
| id | 924051 |
| size | 113,157 |
Samuel Garcés Marín (SecSamDev)
documentation
README
uSIEM Utils
Enrichers
- BasicIPEnricher: Enrich all IP fields. Checks if the IP is in the block list, adds mac and hostname information to the IP.
- CloudProviderEnricher: Adds cloud provider information like Google, Azure or AWS to each IP field
- CloudServiceEnricher: Adds cloud service information like O365 to each IP field
- GeoIpEnricher: Adds geo ip information to each IP field
Tasks
- CloudProvider: Update cloud provider dataset with AWS and Azure
- CloudService: Update cloud service dataset with O365 IPs
- GeoIp: Update geo ip dataset with maxmind. Needs
MAXMIND_APIsecret in the Secrets dataset.
Slow GeoIP
Enable the SlowGeoIP datasets using the feature slow_geoip.
Async Runtime
This crate uses Tokio and reqwest.