Generic SIEM engine detector

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for souzo from gravatar.com souzo
Meta

Unverified details

These details have not been verified by PyPI
Meta
  • Author: Vinicius Morais
  • Requires: Python >=3.13
Report project as malware

Project description

Made in :brazil:

Clickdetect

clickdetect running

Clickdetect is a generic alerting and detection engine that supports any data source and integrates with any webhook. It is vendor-agnostic, with no lock-in, and enables powerful, flexible detection workflows.

Follow the doc: https://clickdetect.souzo.me

Supported sources

Datasources

  • Clickhouse
  • Loki
  • VictoriaLogs
  • PostgreSQL
  • Elastic/Opensearch

Webhooks

  • Generic
  • DFIR Iris
  • Forgejo
  • Email
  • Microsoft Teams
  • Slack
  • Telegram
  • Discord

Starting guide

First of all, create your runner.yml file. (Follow doc for the creation) You will put detectors, webhooks and datasources in the configuration file.

uv

Follow uv installation in https://docs.astral.sh/uv

uv sync --no-dev
uv run clickdetect --api

Docker/Podman

Local

podman build -t clickdetect .
podman run -v ./runner.yml:/app/runner.yml -p 8080 clickdetect --api -p 8080

Github Packages

podman run -v ./runner.yml:/app/runner.yml -p 8080 ghcr.io/clicksiem/clickdetect:latest --api -p 8080

Options

Flag Default Description
--api off Start the REST API server
-p, --port 8080 Port for the API server
-r, --runner runner.yml Path to the runner configuration file
--stdin off Read the runner configuration from stdin
--verbose off Verbose mode
--reload off Hot reload rules
--no-start off Do not start detectors on start
--list-webhooks off List webhooks
--list-datasources off List datasources

Roadmap

Webhooks

  • Complete DFIR-IRIS webhook integration
  • Add Slack webhook
  • Add Discord webhook
  • Add PagerDuty webhook
  • Add Telegram webhook
  • Add Opsgenie webhook

Alert Management

  • Implement timeframe-based alert grouping (avoid duplicate alerts within a window)
  • Implement alert silencing (suppress alerts by rule/group/tenant for a duration)
  • Add API endpoints to manage silences (POST /silence, DELETE /silence/{id})

Rule Management

  • Hot reload rules without restarting (--reload flag or file watcher) ✅
  • API endpoints to add/update/remove rules dynamically (depends on hot reload)
  • Sigma rule conversion support (sigma: true in rule definition)

Datasources

  • Add support for Splunk
  • Add support for OpenSearch/Elasticsearch
  • Add support for VictoriaLogs

API & Observability

  • Implement an endpoint to create, edit and delete rules
  • Alert history endpoint to query past triggered rules

Contact-me

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for souzo from gravatar.com souzo
Meta

Unverified details

These details have not been verified by PyPI
Meta
  • Author: Vinicius Morais
  • Requires: Python >=3.13

Release history Release notifications | RSS feed

1.12.0

1.11.2

1.11.1

1.11.0

1.10.0

1.9.0

This version

1.8.1

1.8.0

1.7.0

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.1

1.1.0

1.0.1

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

clickdetect-1.8.1.tar.gz (22.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

clickdetect-1.8.1-py3-none-any.whl (40.5 kB view details)

Uploaded Python 3

File details

Details for the file clickdetect-1.8.1.tar.gz.

File metadata

  • Download URL: clickdetect-1.8.1.tar.gz
  • Upload date:
  • Size: 22.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.7 {"installer":{"name":"uv","version":"0.11.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for clickdetect-1.8.1.tar.gz
Algorithm Hash digest
SHA256 4a15192e240cab9b3eecaecff0266896621dec6f013b9b4f93134a0142f67c30
MD5 0cb2b9a4fe5a62c065d7f073aab4bbd7
BLAKE2b-256 b21124b34a3c2002bf5d373d94a4bcc0b609873e48157fcd9d1405e831330755

See more details on using hashes here.

File details

Details for the file clickdetect-1.8.1-py3-none-any.whl.

File metadata

  • Download URL: clickdetect-1.8.1-py3-none-any.whl
  • Upload date:
  • Size: 40.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.7 {"installer":{"name":"uv","version":"0.11.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for clickdetect-1.8.1-py3-none-any.whl
Algorithm Hash digest
SHA256 a393a6a38a34a8bbe4d8ba1b478ca39d39e25a172700410ac82a1784f555561f
MD5 9002eaefbf2d762e5044172c05c8a61f
BLAKE2b-256 7b674829085dd064caa4ad6021d6512714a28b51b0b219cd4f2cdcf090a33f15

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page