CyberRemedy — Enterprise SIEM Features, Zero Cost - Version 1.0
Enterprise-grade threat detection for small teams: no cloud, no licence fees, no data leaving your network.

TL;DR — CyberRemedy is a free, self-hosted SIEM that runs on a single machine in ~200MB. ML detection, SOAR playbooks, MITRE ATT&CK mapping, honeypots. No subscriptions. No cloud.
What is CyberRemedy?
CyberRemedy is a self-hosted Security Information and Event Management system that provides enterprise-grade threat detection, automated response, and real-time monitoring — all on a single machine.
It was built for small and medium-sized teams who need serious security capabilities without the serious price tag.
Key stats:
💰 $0 licence cost — MIT licensed forever
📦 ~200MB single binary footprint
⏱️ Under 2 minutes to deploy
🐍 Python only — no containers, no dependencies
Core Features
🔍 Multi-Vector Detection
Signature-based IDS combined with ML anomaly detection using Isolation Forest and Random Forest models. Multi-step attack correlation with YARA and Sigma rule support.
⚡ Autonomous SOAR
Auto-block CRITICAL and HIGH severity threats the moment they are detected. Built-in playbooks with firewall integration across iptables, ufw, nftables, and Windows Firewall.
🧠 MITRE ATT&CK Mapping
Every single alert is automatically mapped to the MITRE ATT&CK framework, giving your team structured TTP tracking and compliance-ready reporting.
🕵️ Honeypot Network
Multi-protocol decoys including SSH, HTTP, FTP, Telnet, SMB, and MySQL lure attackers into revealing their TTPs before they reach real assets.
👤 UEBA Engine
User and Entity Behaviour Analytics with anomaly baselines, off-hours access detection, lateral movement tracking, and privilege escalation indicators.
🌐 Threat Intelligence
IOC database for malicious IPs, domains, and file hashes. GeoIP mapping with offline CSV fallback. No API keys required.
📋 Case Management
Full incident lifecycle management — create, assign, escalate, and track SLAs. Integrated with alerts and SOAR actions for seamless analyst workflows.
🔒 RBAC & Compliance
Role-based access with admin, analyst, and readonly tiers. Built-in compliance frameworks: PCI-DSS, HIPAA, NIST 800-53, and CIS Controls.
Detection Pipeline
Raw data flows from ingestion to autonomous response in real time:
INGEST → FEATURE EXTRACTION → DETECTION → SCORING & ATT&CK → RESPONSE
| INGEST | FEATURE EXTRACTION | DETECTION | SCORING & ATT&CK | RESPONSE |
| PCAP | Flow metadata | Signature IDS | Severity score | Auto-block |
| Syslog | Payload parsing | ML anomaly | MITRE mapping | Playbooks |
| WinLog | DNS analysis | Correlation | UEBA context | Case creation |
| API Feeds | Entropy scoring | YARA / Sigma | IOC lookup | Alerting |
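The five stages above, as an added illustration that is not CyberRemedy's own code: a small Python pipeline over constructed DNS events that extracts a per-label entropy feature, raises HIGH alerts on DGA-like labels, correlates a burst from one source into CRITICAL, maps the rule to an ATT&CK technique, and returns the auto-block command as a string instead of executing it. The thresholds, rule names and the choice of technique IDs are assumptions made for this example.

```python
import math
from collections import Counter, defaultdict
# Constructed sample DNS events (not real CyberRemedy data): one host with ordinary lookups, one with a burst of random-looking labels.
SAMPLE_EVENTS = [
    {"src": "10.0.0.5", "qname": "www.example.com"},
    {"src": "10.0.0.5", "qname": "mail.example.com"},
    {"src": "10.0.0.9", "qname": "x7f3k9q2z8w1v5b4.example.net"},
    {"src": "10.0.0.9", "qname": "a1b2c3d4e5f6g7h8.example.net"},
    {"src": "10.0.0.9", "qname": "q9w8e7r6t5y4u3i2.example.net"},
]
# Hypothetical thresholds and ATT&CK technique IDs chosen for this example.
HIGH_ENTROPY, MIN_LEN, BURST_COUNT = 3.8, 12, 3
TECHNIQUE = {"dga_label": "T1568.002", "dns_tunnel_burst": "T1071.004"}

def shannon_entropy(text):
    """Bits per character; 16 distinct chars in a 16-char label gives 4.0."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def extract_features(event):
    """FEATURE EXTRACTION: entropy and length of the leftmost DNS label."""
    label = event["qname"].split(".")[0]
    return {"src": event["src"], "entropy": shannon_entropy(label), "length": len(label)}

def detect(f):
    """DETECTION: signature-style check on one event; returns an alert dict or None."""
    if f["entropy"] >= HIGH_ENTROPY and f["length"] >= MIN_LEN:
        return {"src": f["src"], "rule": "dga_label", "severity": "HIGH"}
    return None

def correlate(alerts):
    """Multi-step correlation: BURST_COUNT or more DGA-like labels from one source escalates to CRITICAL."""
    per_src = defaultdict(list)
    for a in alerts:
        per_src[a["src"]].append(a)
    out = []
    for src, group in per_src.items():
        escalate = len(group) >= BURST_COUNT
        out += [{"src": src, "rule": "dns_tunnel_burst", "severity": "CRITICAL"}] if escalate else group
    return out

def respond(alert):
    """SCORING & ATT&CK -> RESPONSE: technique ID plus action; the firewall command is a string, never run here."""
    alert["technique"] = TECHNIQUE[alert["rule"]]
    block = alert["severity"] in ("CRITICAL", "HIGH")
    alert["action"] = f"iptables -I INPUT -s {alert['src']} -j DROP" if block else "alert-only"
    return alert

def run_pipeline(events):
    alerts = [a for a in (detect(extract_features(e)) for e in events) if a]
    return [respond(a) for a in correlate(alerts)]
```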
How to Install
Up and running in under two minutes:
# Clone and enter the repository (the directory name matches the repository's case)
git clone https://github.com/moon0deva/CyberRemedy
cd CyberRemedy
# Create and activate a virtual environment, then install the Python dependencies
python -m venv CyberRemedy
source CyberRemedy/bin/activate
pip install -r requirements.txt
# Start the SIEM; the web UI listens on http://localhost:8000
python main.py
Then open http://localhost:8000 — dashboards are ready immediately.
Live PCAP Capture (raw packet capture needs root, and scapy must be installed in the environment):
# sudo resets PATH, so call the virtual environment's interpreter explicitly instead of a bare "python"
sudo CyberRemedy/bin/python main.py
22 Dashboard Views
Complete operational visibility across every dimension of your security posture:
| Alerts | Attack Chains | UEBA |
| Honeypot | MITRE ATT&CK | Cases |
| Blocked IPs | Playbooks | Threat Intel |
| Sigma Rules | YARA Scanner | Geo Map |
| Assets | Log Search | Firewall |
| PCAP Viewer | Traffic Heatmap | Syslog / WinLog |
| Reports | Settings | Pipeline Monitor |
| Responses |
Links
🌐 Website: https://moon0deva.github.io/cyberrrember/
⭐ GitHub: https://github.com/moon0deva/CyberRemedy
If CyberRemedy is useful to you or your team, a ⭐ on GitHub helps. Contributions, feedback, and bug reports are always welcome!

