PyRank
  • Insights
  • PyPI
  • GitHub
  • Search
  • Compare
  • Advisories
  • Ecosystem
  • About

Siem Python Packages

Python packages with the GitHub topic siem. Sorted by relevance, with stars and monthly downloads.
google
secops

A helper SDK to wrap the Google SecOps API for common security use cases

209K 84 45
SigmaHQ
sigmatools

Main Sigma Rule Repository

65K 11K 3K
grafana
pysigma-backend-loki

pySigma backend for generating Grafana Loki/LogQL rules

15K 53 4
tenzir
tenzir

Tenzir is the data pipeline engine for security teams.

7K 744 105
rahadbhuiya
cnsl

Security Layer

5K 4 0
call518
logsentinelai

LLM-powered security log analyzer: detect threats & anomalies with zero regex — just declare a Pydantic schema. Real-time Telegram alerts, SIEM-ready with Elasticsearch/Kibana. Supports OpenAI, Ollama, vLLM.

4K 56 11
dannyota
splunkctl

CLI tool for Splunk Enterprise SIEM operations — operate Splunk as code

2K 0 0
muchdogesec
txt2detection

A command line tool that takes a txt file containing threat intelligence and turns it into a detection rule.

2K 8 1
Nebulock-Inc
agentic-threat-hunting-framework

ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy.

2K 319 44
T0nd3
logatory

Local log analysis with PII redaction, threat detection, anomaly detection and LLM-powered insights

2K 11 0
eventum-generator
eventum-generator

Realistic synthetic events for testing, demos, and pipelines — streamed live or generated in bulk

1K 46 1
ni5h4nt
sigmalint-cli

ESLint-style linter for Sigma detection rules. Validates against Sigma 2.1.0, scores rules across six quality dimensions, emits stable rule IDs.

1K 26 10
tenzir
pyvast

Tenzir is the data pipeline engine for security teams.

1K 744 105
SigmaHQ
eis-sigmatools

Tools for the Generic Signature Format for SIEM Systems

863 11K 3K
pfrederiksen
ocsfkit

OCSF workbench CLI for normalizing, linting, explaining, diffing, and querying security events

710 1 0
mozilla
mozdef-util

Utilities shared throughout the MozDef codebase

662 2K 323
SumoLogic
pysigma-backend-sumologic

pySigma backend for Sumo Logic Cloud SIEM rule conversion

658 0 0
Eventum-Generatives
eventum-core

Realistic synthetic events for testing, demos, and pipelines — streamed live or generated in bulk

620 46 1
bonifield
parse-ioc

Parse a list of indicators into a dictionary or JSON structure for programmatic use.

614 0 0
splforge
splint-spl

A fast, zero-dependency linter for Splunk SPL — catch slow searches before they hit production.

478 0 0
paolovella
vellaveto-sdk

Python SDK for the Vellaveto agent interaction firewall

430 6 0
FunnyWolf
asp-cli

Agentic SOC Platform: A powerful, flexible, open-source, and agent-centric automated security operations platform (AI SOC)

347 934 155
tenzir
pytenzir

Tenzir is the data pipeline engine for security teams.

284 744 105
peppelinux
django-audit-wazuh

Django middleware and signals for handling security events

281 14 5
    • Data from PyPI, GitHub, ClickHouse, and BigQuery