CyberRemedy

CyberRemedy — Free Download. Self-Hosted SIEM with threat detection
CyberRemedy is a self-hosted Security Information and Event Management (SIEM) system that operates on a single machine. It provides enterprise-grade threat detection, automated response, and real-time monitoring without cloud subscription or license fees. The solution includes machine learning anomaly detection, MITRE ATT&CK mapping, SOAR playbooks, honeypots, and full log management while keeping all data inside the local network.

Download CyberRemedy (Official links)
File size: 1.47 MB
The latest version of CyberRemedy is: 1.2
Operating system: MacOS, Linux
Languages: English
Price: $0.00 USD

  • ML Anomaly Detection. Isolation Forest and Random Forest models learn the network baseline and flag deviations that rule-based systems miss. The machine learning subsystem auto-trains on startup and includes an LSTM sequential anomaly detector (PyTorch), a Random Forest attack classifier, and pre-trained model files.
  • MITRE ATT&CK Mapping. Every alert is automatically tagged with tactics and techniques from the MITRE ATT&CK framework for rapid triage. This allows analysts to understand the attack phase and specific techniques employed without additional manual investigation.
  • Attack Chain Correlation. Links related alerts into multi-step chains: Reconnaissance → Exploitation → Command and Control → Exfiltration. This displays the complete attack story and reduces noise from individual unrelated alerts.
  • SOAR Playbooks. Automated response workflows that block, notify, escalate, and run scripts without analyst intervention. Includes specific playbooks: credential compromise response, data exfiltration response, lateral movement detection, and malware containment using StackStorm.
  • Six Honeypot Services. Fake SSH, HTTP, FTP, Telnet, SMB, and MySQL services that trigger instant alerts on any unauthorized connection. Each connection attempt is logged as a high-severity event and activates corresponding response playbooks.
  • Case Management. Full ticket lifecycle with SLA tracking and automatic case creation tied to correlated alert chains. The system maintains an SQLite database with tables for alerts, events, network flows, DNS events, and assets.
  • YARA & Sigma Rules. Scans packet payloads with built-in or custom YARA rules. Evaluates Sigma rules against live log streams in real time. Includes an additional YARA ruleset complementing built-in and malware generic rules, plus a community Sigma rules file.
  • UEBA (User and Entity Behavior Analytics). Per-entity behavioral baselines detect insider threats and compromised accounts through deviation scoring. The model calculates statistical deviations from normal behavior patterns of each user and device.
  • GeoIP Threat Map. Visual global map showing inbound alert origins by country. Provides understanding of threat geography at a glance, identifying regions with elevated malicious activity against the protected infrastructure.
  • Wi-Fi Network Monitor. Complete SIEM subsystem with ten components: active packet capture, device discovery, IoT detection, capture detection, VPN fingerprinting and deep inspection, plus a unified SIEMManager integration point.
  • VM Traffic Monitor. Agentless monitoring of VirtualBox virtual machines in Bridged mode. Captures network traffic generated by VMs without installing additional software inside each virtual machine.
  • Dark Web Monitor. Monitors dark web and data breach sources. Searches for credentials, internal domains, or confidential information that might be traded on illegal markets.
  • PDF Report Generator. Generates professional PDF reports using ReportLab. Reports include alert summaries, attack chains, geographic origin statistics, and forensic timelines.
  • Pre-seeded Forensic Data. Pre-seeded forensic timeline JSON files (TL-0001 through TL-0029), plus additional data in data/darkweb_cache/, data/ioc_store.json, data/siem_devices.json, data/feed_cache.json, and data/sigma_rules/community_rules.yml.
  • Batch SQLite Writer. Replaces per-event JSON writes with a buffered batch SQLite writer. Tables store alerts, events, network flows, DNS events, and assets, with an operational cyberremedy.db database file.

CyberRemedy was created by the developer identified as moon0deva. Development started in 2022. The program is written in Python and uses libraries such as PyTorch for the machine learning components, ReportLab for PDF generation, and StackStorm for the automation playbooks.

Alternatives to CyberRemedy:

Brutefence — Free Download. Real-time RDP attack blocker
BruteFence is a security tool that protects Windows servers and workstations from RDP brute force attacks.
Price: $2   Size: 98 MB   Version: 3.2.0   OS: Windows

Secuditor Lite — Free Download. Endpoint security diagnostics and audit
Secuditor Lite is a free security diagnostic tool for Windows endpoints and network analysis.
Price: Free   Size: 28 MB   Version: 2.1.3   OS: Windows

Sapience Technologies — Free Download. Proactive Threat Hunting with MITRE ATT&CK
Sapience is a Windows security tool that analyzes system behavior to detect suspicious activities, such as anomalous processes, unusual network connections, or changes to scheduled tasks.
Price: $10   Size: 8.8 MB   Version: 1.0   OS: Windows

Fortect — Free Download. System Optimization and Security
Fortect is a diagnostic, repair, and optimization tool for Windows and Android systems.
Price: $3   Size: 0.826 MB   Version: 7.3.4.2   OS: Windows, Android

AntiRansomware — Free Download. Protection against ransomware and data hijacking
Abelssoft AntiRansomware is a security solution specialized in detecting and preventing ransomware attacks.
Price: $29.95   Size: 17.6 MB   Version: 2025.25   OS: Windows