Generic SIEM engine detector
Project description
Clickdetect
Clickdetect is a SIEM engine on steroids, no lock-in with any vendors and powerfull detection.
Follow the doc: https://clickdetect.souzo.me
Starting guide
First of all, create your runner.yml file. (Follow doc for the creation) You will put detectors, webhooks and datasources in the configuration file.
uv
Follow uv installation in https://docs.astral.sh/uv
uv sync --no-dev
uv run clickdetect --api
Docker/Podman
Local
podman build -t clickdetect .
podman run -v ./runner.yml:/app/runner.yml -p 8080 clickdetect --api -p 8080
Github Packages
podman run -v ./runner.yml:/app/runner.yml -p 8080 ghcr.io/clicksiem/clickdetect:latest --api -p 8080
Roadmap
Webhooks
- Complete DFIR-IRIS webhook integration
- Add Slack webhook
- Add Discord webhook
- Add PagerDuty webhook
- Add Telegram webhook
- Add Opsgenie webhook
Alert Management
- Implement timeframe-based alert grouping (avoid duplicate alerts within a window)
- Implement alert silencing (suppress alerts by rule/group/tenant for a duration)
- Add API endpoints to manage silences (
POST /silence,DELETE /silence/{id})
Rule Management
- Hot reload rules without restarting (
--reloadflag or file watcher) - API endpoints to add/update/remove rules dynamically (depends on hot reload)
- Sigma rule conversion support (
sigma: truein rule definition)
Datasources
- Add support for Splunk
- Add support for OpenSearch
- Add support for Prometheus/VictoriaMetrics (metrics-based detection)
API & Observability
- Implement an endpoint to create, edit and delete rules
- Alert history endpoint to query past triggered rules
Contact-me
- E-mail: me@souzo.me
- Matrix: @souzo:matrix.org
- Linkedin: https://www.linkedin.com/in/vinicius-f-a76ba51b5/
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file clickdetect-1.1.0.tar.gz.
File metadata
- Download URL: clickdetect-1.1.0.tar.gz
- Upload date:
- Size: 16.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.1 {"installer":{"name":"uv","version":"0.11.1","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
02b4690a8f4f2612a64c124e9bef50b277cd1cc01c7be1999e14c2d05632246b
|
|
| MD5 |
dc0522660b01eb6645ea2391ff2590f6
|
|
| BLAKE2b-256 |
2964c3be36073976b47a20189228ba756b86c907e7a587945a2179078c8beeee
|
File details
Details for the file clickdetect-1.1.0-py3-none-any.whl.
File metadata
- Download URL: clickdetect-1.1.0-py3-none-any.whl
- Upload date:
- Size: 27.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.1 {"installer":{"name":"uv","version":"0.11.1","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c4563b95cb39c05e07b0f2c04f5971d1ff924fbcacf76fc4d446c929727e5f47
|
|
| MD5 |
aeb0fa2a5e2c66a2b1fa271edf0c22ff
|
|
| BLAKE2b-256 |
ee160f73282848c075f5d3d350ae62177584cb4684d9dd9835f7677a9ceed454
|
