Security Operations Center

CYBERREMEDY

Autonomous Threat Intelligence & Response System

Enterprise-grade SIEM with ML anomaly detection, SOAR playbooks, and autonomous threat response — in a single ~200MB binary. No subscriptions. No cloud.

Deploy Now Explore Features
$0 License Cost
Sample alert feed:
ALERT Port scan detected — 192.168.1.44 — MITRE T1046
BLOCKED Brute force attempt — SSH — 45.33.32.156
ALERT DNS tunneling suspected — query entropy 4.7
IOC Malicious hash match — SHA256 — Cobalt Strike beacon
SOAR Playbook triggered — isolate host — action completed
UEBA Anomalous login pattern — user jdoe — off-hours access
MITRE T1059 Command execution chain — Windows host correlated
// 01 — PREVIEW

Dashboard Screenshots

A look inside CyberRemedy — real-time threat visibility across every dimension.

CyberRemedy Alerts Dashboard
CyberRemedy UEBA Dashboard
// 02 — CHANGELOG

Release Notes

Every update, improvement and fix — tracked here.

v1.1 LATEST 10 Mar 2026
NEW
  • uploading soon
// 03 — CAPABILITIES

Full-Spectrum Threat Coverage

Every layer of detection, response, and intelligence — built-in, no plugins needed.

🔍
Multi-Vector Detection

Signature-based IDS, ML anomaly detection (Isolation Forest + Random Forest), and a multi-step attack correlation engine, with YARA and Sigma rule support.

IDS ML YARA Sigma
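The "query entropy" figure in the alert feed above is the kind of feature an anomaly stage scores. The following is an added example, not code from the CyberRemedy project: it computes Shannon entropy over the longest subdomain label of each DNS query (where a tunnel carries its payload) and alerts when a long, high-entropy label appears. The log format, the thresholds and the two-label registrable suffix are assumptions for the example; hex-encoded payloads top out at 4.0 bits per character, so the 3.5 threshold catches them while ordinary host names stay far below it.

```python
import math
from collections import Counter

# Constructed resolver log, "client_ip qname" per line (sample data, not project output).
SAMPLE_DNS_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 mail.example.com
10.0.0.7 a9f3c2e1b7d4f0a6c8e2b1d3f5a7c9e0.tunnel.example.net
10.0.0.7 4b7e2c9a1f0d3e5b8c6a2d4f7e1b3c5a.tunnel.example.net
10.0.0.9 cdn.static-assets.example.org
"""

# Assumed thresholds: 16 hex symbols give at most 4.0 bits/char, base32 at most 5.0,
# so 3.5 flags encoded payloads while short word-like labels score well below it.
ENTROPY_THRESHOLD = 3.5
MIN_LABEL_LENGTH = 20


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text` (0.0 for an empty string)."""
    if not text:
        return 0.0
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in Counter(text).values())


def subdomain_labels(qname: str, suffix_labels: int = 2) -> list:
    """Labels to the left of the registrable suffix (assumed to be the last two labels)."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[:-suffix_labels]


def score_query(qname: str) -> dict:
    """Entropy-score the longest subdomain label, which is where a tunnel carries its payload."""
    longest = max(subdomain_labels(qname), key=len, default="")
    entropy = shannon_entropy(longest)
    suspicious = len(longest) >= MIN_LABEL_LENGTH and entropy >= ENTROPY_THRESHOLD
    return {"qname": qname, "label": longest, "entropy": round(entropy, 2), "suspicious": suspicious}


def scan_dns_log(text: str) -> list:
    """Run the scorer over every log line and emit one alert per suspicious query."""
    alerts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines instead of crashing the pipeline
        src, qname = parts
        result = score_query(qname)
        if result["suspicious"]:
            # T1071.004 is ATT&CK "Application Layer Protocol: DNS"
            alerts.append({"src": src, "technique": "T1071.004", **result})
    return alerts


if __name__ == "__main__":
    for alert in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"ALERT DNS tunneling suspected - {alert['src']} - {alert['qname']} - entropy {alert['entropy']}")
```

Entropy alone is noisy (CDN and anti-spam hostnames are long and random-looking), so a production rule would also count distinct labels per client and per parent domain over a time window before raising severity.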
Autonomous SOAR

Auto-blocks CRITICAL and HIGH severity threats. Built-in and custom playbooks with firewall integration across iptables, ufw, nftables, and Windows Firewall.

Playbooks Auto-Block Firewall
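Auto-blocking is the one stage where a false positive does real damage, so the response step needs guardrails. The following is an added example and not the project's responder: it validates the address with `ipaddress` (so an alert field can never smuggle shell metacharacters into a firewall command), builds the block command as an argv list for each of the four backends the page lists, and escalates rather than blocks when the source is on an internal range. The protected ranges, the nftables set name `blocklist`, and the dry-run default are assumptions for the example.

```python
import ipaddress
import subprocess

# Assumptions: CRITICAL/HIGH triggers blocking (as the page states); sources inside these ranges
# are escalated instead of blocked, so a misattributed internal address cannot take a server or
# the SOC's own workstations offline.
AUTO_BLOCK_SEVERITIES = {"CRITICAL", "HIGH"}
PROTECTED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7",
)]


def is_protected(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_link_local or any(addr in net for net in PROTECTED_NETWORKS)


def block_command(ip: str, backend: str) -> list:
    """argv for a drop rule on the chosen backend; ip is validated so it cannot carry shell metacharacters."""
    addr = ipaddress.ip_address(ip)  # raises ValueError for anything that is not a literal address
    target = str(addr)
    if backend == "iptables":
        return ["ip6tables" if addr.version == 6 else "iptables", "-I", "INPUT", "-s", target, "-j", "DROP"]
    if backend == "nftables":
        # assumes a set named "blocklist" in table inet filter, referenced by an existing drop rule
        return ["nft", "add", "element", "inet", "filter", "blocklist", "{", target, "}"]
    if backend == "ufw":
        return ["ufw", "insert", "1", "deny", "from", target, "to", "any"]
    if backend == "windows":
        return ["netsh", "advfirewall", "firewall", "add", "rule", f"name=CyberRemedy block {target}",
                "dir=in", "action=block", f"remoteip={target}"]
    raise ValueError(f"unknown firewall backend: {backend!r}")


def respond(alert: dict, backend: str = "iptables", execute: bool = False) -> dict:
    """Apply the auto-block policy to one alert; execute=False is a dry run that only returns the plan."""
    ip, severity = alert["src_ip"], alert["severity"]
    decision = {"src_ip": ip, "severity": severity, "action": "alert_only", "argv": None}
    if severity not in AUTO_BLOCK_SEVERITIES:
        return decision
    if is_protected(ip):
        decision["action"] = "escalate_to_analyst"
        return decision
    decision["action"] = "block"
    decision["argv"] = block_command(ip, backend)
    if execute:
        subprocess.run(decision["argv"], check=True)  # argv list, never shell=True
    return decision


# Constructed alerts mirroring the feed at the top of the page (sample data).
SAMPLE_ALERTS = [
    {"rule": "ssh_brute_force", "src_ip": "45.33.32.156", "severity": "HIGH"},
    {"rule": "port_scan", "src_ip": "192.168.1.44", "severity": "HIGH"},
    {"rule": "dns_entropy", "src_ip": "10.0.0.7", "severity": "MEDIUM"},
]

if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        d = respond(alert)
        print(f"{d['action']:<20} {d['src_ip']:<16} {' '.join(d['argv']) if d['argv'] else ''}")
```

Run as-is it only prints the plan; pass `execute=True` from a process that has the privileges the firewall tool needs. Blocks should also carry an expiry so a mistaken rule does not persist forever.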
🧠
MITRE ATT&CK Mapping

Every alert is automatically mapped to the MITRE ATT&CK framework, enabling tactical analysis and compliance reporting with structured TTP tracking.

ATT&CK TTPs Compliance
👤
UEBA Engine

User and Entity Behaviour Analytics with anomaly baselines, off-hours access detection, lateral movement tracking, and privilege escalation indicators.

Behaviour Baselines Anomaly
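The "off-hours access" alert for user jdoe in the feed above needs a per-user baseline to be meaningful. The following is an added example, not the project's UEBA engine: it builds a baseline of login hours, weekdays and source hosts from two weeks of constructed history, refuses to score users with too little history, and then explains each anomaly by reason rather than as a bare score. The history generator, the one-hour tolerance and the 40-points-per-reason weighting are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def constructed_history() -> list:
    """Two weeks of weekday logins for user jdoe from one workstation (constructed sample data)."""
    events = []
    start = datetime(2026, 2, 16)  # a Monday
    for day in range(14):
        d = start + timedelta(days=day)
        if d.weekday() >= 5:
            continue
        for hour in (8, 10, 13, 16):
            events.append(("jdoe", d.replace(hour=hour, minute=2).isoformat(), "ws-jdoe"))
    return events


def build_baselines(events, min_events: int = 10) -> dict:
    """Per-user baseline of login hours, weekdays and source hosts; users with too little history get none."""
    by_user = defaultdict(list)
    for user, ts, host in events:
        by_user[user].append((datetime.fromisoformat(ts), host))
    baselines = {}
    for user, recs in by_user.items():
        if len(recs) < min_events:
            continue  # scoring against a thin baseline produces noise, not detections
        baselines[user] = {
            "hours": {t.hour for t, _ in recs},
            "days": {t.weekday() for t, _ in recs},
            "hosts": {h for _, h in recs},
            "events": len(recs),
        }
    return baselines


def hour_distance(a: int, b: int) -> int:
    """Distance on the 24-hour clock, so 23:00 and 00:00 are one hour apart."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def evaluate_login(baselines: dict, user: str, ts: str, host: str, tolerance_h: int = 1) -> dict:
    """Compare one login with the user's baseline; returns the anomaly reasons and an assumed additive score."""
    t = datetime.fromisoformat(ts)
    base = baselines.get(user)
    if base is None:
        return {"user": user, "score": 0, "reasons": ["no_baseline"]}
    reasons = []
    if all(hour_distance(t.hour, h) > tolerance_h for h in base["hours"]):
        reasons.append("off_hours")
    if t.weekday() not in base["days"]:
        reasons.append("unusual_day")
    if host not in base["hosts"]:
        reasons.append("new_source_host")
    return {"user": user, "score": min(100, 40 * len(reasons)), "reasons": reasons}


if __name__ == "__main__":
    baselines = build_baselines(constructed_history())
    for user, ts, host in [
        ("jdoe", "2026-03-09T03:12:00", "ws-jdoe"),    # 03:12 on a Monday
        ("jdoe", "2026-03-09T09:05:00", "ws-jdoe"),    # normal
        ("jdoe", "2026-03-07T10:00:00", "srv-db01"),   # Saturday, from a database server
        ("svc_backup", "2026-03-09T03:00:00", "srv-db01"),
    ]:
        print(evaluate_login(baselines, user, ts, host))
```

A service account legitimately logging in at 03:00 every night would build a baseline that makes 03:00 normal for it, which is the point: the baseline is per entity, not a global office-hours rule.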
🕵️
Honeypot Network

Multi-protocol decoys (SSH, HTTP, FTP, Telnet, SMB, and MySQL) lure attackers into revealing their TTPs before they reach real assets.

SSH HTTP SMB MySQL
🌐
Threat Intelligence

IOC database for malicious IPs, domains, and file hashes. GeoIP mapping with offline CSV fallback. No API keys required for standard operation.

IOC GeoIP Hashes
📋
Case Management

Full incident lifecycle: create, assign, escalate, and track SLAs. Integrated with alerts and responder actions for seamless analyst workflows.

SLA Assign Escalate
📡
Log Ingestion

Syslog over UDP/TCP on port 5514, a Windows Event Log agent (port 5515), and optional PCAP capture when run as root. 365-day retention with daily rotation and gzip compression.

Syslog WinLog PCAP 365 days
🔒
RBAC & Compliance

Role-based access with admin, analyst, and readonly tiers. Built-in compliance frameworks: PCI-DSS, HIPAA, NIST 800-53, and CIS Controls.

PCI-DSS HIPAA NIST CIS
// 04 — PIPELINE

Detection Pipeline

Data flows from raw ingestion to autonomous response in real time.

STAGE 01
Ingest
  • Network PCAP
  • Syslog UDP/TCP
  • Windows Events
  • API Feeds
STAGE 02
Feature Extraction
  • Flow metadata
  • Payload parsing
  • DNS analysis
  • Entropy scoring
STAGE 03
Detection
  • Signature IDS
  • ML anomaly
  • Correlation
  • YARA / Sigma
STAGE 04
Scoring & ATT&CK
  • Severity score
  • MITRE mapping
  • UEBA context
  • IOC lookup
STAGE 05
Response
  • Auto-block
  • Playbooks
  • Case creation
  • Alerting
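The five stages above, run end to end over a handful of syslog lines, as an added example that is not the project's pipeline code: stage 1 and 2 parse RFC 3164 lines (PRI into facility and severity, then host, app and message), stage 3 correlates sshd "Failed password" events per source in a sliding window, stage 4 assigns a severity and the ATT&CK technique, and stage 5 records whether the auto-block policy applies. The log lines are constructed, and the 5-failures-in-60-seconds threshold and the severity rule are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Optional

# Constructed RFC 3164 lines, as an rsyslog forwarder would deliver them to port 5514 (sample data).
SAMPLE_SYSLOG = """\
<38>Mar 10 02:14:01 web01 sshd[1221]: Failed password for invalid user admin from 45.33.32.156 port 51122 ssh2
<38>Mar 10 02:14:03 web01 sshd[1221]: Failed password for invalid user admin from 45.33.32.156 port 51124 ssh2
<38>Mar 10 02:14:05 web01 sshd[1225]: Failed password for root from 45.33.32.156 port 51130 ssh2
<38>Mar 10 02:14:08 web01 sshd[1229]: Failed password for root from 45.33.32.156 port 51133 ssh2
<38>Mar 10 02:14:10 web01 sshd[1231]: Failed password for root from 45.33.32.156 port 51137 ssh2
<38>Mar 10 02:14:12 web01 sshd[1233]: Accepted password for deploy from 10.0.0.12 port 40122 ssh2
<38>Mar 10 02:20:00 web01 sshd[1240]: Failed password for deploy from 10.0.0.12 port 40130 ssh2
<86>Mar 10 02:21:00 web01 sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; COMMAND=/bin/bash
this line is not syslog and must be skipped
"""

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")


def parse_syslog(line: str, year: int = 2026) -> Optional[dict]:
    """Stages 1-2: PRI = facility * 8 + severity; RFC 3164 timestamps carry no year, so it is supplied."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    return {"facility": pri >> 3, "severity": pri & 7,
            "ts": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
            "host": m["host"], "app": m["app"], "msg": m["msg"]}


def score_brute_force(ip: str, count: int, event: dict) -> dict:
    """Stage 4: severity plus ATT&CK mapping (T1110.001, Brute Force: Password Guessing)."""
    severity = "HIGH" if ipaddress.ip_address(ip).is_global else "MEDIUM"  # assumed rule
    return {"rule": "ssh_brute_force", "src_ip": ip, "host": event["host"], "count": count,
            "severity": severity, "technique": "T1110.001", "tactic": "Credential Access",
            "auto_block": severity in ("CRITICAL", "HIGH")}  # stage 5 policy from the SOAR card


class BruteForceCorrelator:
    """Stage 3: alert once per source when `threshold` failures land inside `window_s` seconds."""

    def __init__(self, threshold: int = 5, window_s: int = 60):
        self.threshold, self.window = threshold, timedelta(seconds=window_s)
        self.hits = defaultdict(deque)
        self.alerted = set()

    def feed(self, event: dict) -> Optional[dict]:
        m = FAILED_RE.search(event["msg"]) if event["app"] == "sshd" else None
        if not m:
            return None
        ip, ts = m["ip"], event["ts"]
        q = self.hits[ip]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()  # drop failures that aged out of the window
        if len(q) >= self.threshold and ip not in self.alerted:
            self.alerted.add(ip)
            return score_brute_force(ip, len(q), event)
        return None


def run_pipeline(text: str) -> list:
    correlator = BruteForceCorrelator()
    alerts = []
    for line in text.splitlines():
        event = parse_syslog(line)
        if event is None:
            continue
        alert = correlator.feed(event)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in run_pipeline(SAMPLE_SYSLOG):
        print(f"{'BLOCKED' if a['auto_block'] else 'ALERT'} Brute force attempt - SSH - {a['src_ip']} - {a['technique']}")
```

The correlator alerts once per source and keeps counting, so a second alert at a higher threshold could escalate severity; a real deployment also has to handle the year rollover that RFC 3164 timestamps hide.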
// 05 — VISIBILITY

Dashboard Views

Complete operational visibility across every dimension of your security posture.

Alerts
Attack Chains
UEBA
Honeypot
MITRE ATT&CK
Cases
Blocked IPs
Playbooks
Threat Intel
Sigma Rules
YARA Scanner
Geo Map
Assets
Log Search
Firewall
PCAP Viewer
Traffic Heatmap
Syslog / WinLog
Reports / Email
Settings
Pipeline Monitor
Responses
Memory footprint: ~200MB RAM
// 06 — DEPLOY

QuickStart

Up and running in under two minutes. No containers; the only dependencies are Python and the packages in requirements.txt.

bash — cyberremedy
$ git clone https://github.com/moon0deva/CyberRemedy
$ cd CyberRemedy
$ python -m venv CyberRemedy
$ source CyberRemedy/bin/activate
$ pip install -r requirements.txt   # if a requirement fails to install, install that module manually; tested on Python 3.12
Installing 28 modules... ████████████████ done
$ python main.py
✔ Detection engine online
✔ SOAR responder armed
✔ Dashboard views loaded
✔ Honeypots deployed (SSH, HTTP, FTP, SMB...)
✔ Listening on http://localhost:8000
$ _

// Also ship logs from existing infrastructure

LINUX / RSYSLOG
# Add to /etc/rsyslog.conf, then restart rsyslog (sudo systemctl restart rsyslog).
# Use one transport only; keeping both lines forwards every message twice.
# TCP
*.* @@YOUR_IP:5514
# UDP
*.* @YOUR_IP:5514
WINDOWS EVENTS
python agent/windows_agent.py \
  --server YOUR_IP \
  --port 5515 \
  --interval 30
LIVE CAPTURE
# Full PCAP capture requires root and scapy
sudo python main.py
// 07 — LINKS

Get Involved

// 08 — PROJECTS

Other Projects

More open-source tools built by moon0deva.
