Blue Team & Detection Engineering
Open-source SIEM with custom detection rules from Red Team playbooks
root@omniforge:~/services# cat overview.md
We build detection capabilities using open-source SIEM platforms like ELK Stack and Wazuh. Our detection rules are derived from real Red Team attack patterns—C2 traffic, lateral movement, privilege escalation. We don't just deploy tools; we run purple team exercises to validate your detections and train your team to hunt for threats.
root@omniforge:~/services# ./list-capabilities --format=grid
✓ ELK Stack (Elasticsearch, Logstash, Kibana) deployment
✓ Wazuh SIEM & HIDS integration
✓ Custom detection rule engineering (SIGMA format)
✓ MITRE ATT&CK framework mapping
✓ C2 beacon detection (Cobalt Strike, Empire)
✓ Lateral movement & privilege escalation alerts
✓ Threat hunting playbooks
✓ Purple team validation exercises
root@omniforge:~/services# ./show-toolkit --category=opensource
ELK Stack, Wazuh, OSSEC, Suricata, Zeek, Elastic Security, Grafana, SIGMA rules, MITRE ATT&CK, Atomic Red Team
root@omniforge:~/services# ./pricing --display=tiers
SIEM Starter
R16,500/setup
$ ./blueteam --siem=elk --sources=20 --tier=starter
- ELK/Wazuh SIEM deployment
- Up to 20 log sources
- Basic detection rules
- Dashboard configuration
- Alert notification setup
- 30-day tuning support
Most Popular
Threat Detection Platform
R38,000/setup
$ ./blueteam --siem=elk --detections=advanced --purple=true
- Full ELK/Wazuh stack deployment
- Unlimited log sources
- Custom detection rules (C2, lateral movement)
- Purple team playbook integration
- Incident response runbooks
- SOC dashboard design
- Threat hunting queries
- 90-day optimization support
Managed Detection
R25,000/month
$ ./blueteam --mode=managed --sla=24x7
- Fully managed SIEM service
- 24/7 alert monitoring
- Incident response support
- Monthly threat hunting
- Detection rule updates
- Quarterly purple team exercises
- Compliance reporting
- Dedicated security analyst
root@omniforge:~/services# ./methodology --show=steps
[1] Log Source Identification
    // Identify critical systems, applications, and network devices for monitoring
[2] SIEM Deployment
    // Deploy ELK/Wazuh stack, configure log ingestion and retention policies
[3] Detection Engineering
    // Build custom detection rules based on Red Team tactics and MITRE ATT&CK
[4] Purple Team Validation
    // Test detections with simulated attacks, tune for false positives, train staff
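To make steps [3] and [4] concrete, and to show what the "custom detection rule engineering (SIGMA format)", "MITRE ATT&CK mapping" and "C2 beacon detection" capabilities above look like in practice, here is an added example. It is not the service's own tooling or any vendor's code: a Sigma-style rule for PsExec-like remote service installation (tagged with ATT&CK T1021.002 / T1569.002), a small matcher that honours Sigma field modifiers, a beacon heuristic that flags connection pairs whose intervals are unusually regular, and a purple-team check that replays attack and benign events against the rule. The rule, the `svc_patchdeploy` tuning exclusion, the event records and the connection records are all constructed for the example; a real deployment would convert the rule with the Sigma CLI and run it inside Elastic or Wazuh rather than with this matcher.

```python
"""Added example (not the service's code): a toy detection pipeline showing a
Sigma-style rule with ATT&CK tags, a C2 beacon-regularity heuristic, and a
purple-team validation check. All events and connections are constructed data."""
from collections import defaultdict
from statistics import mean, pstdev

# Hypothetical Sigma-style rule, written as the dict a Sigma YAML file would load to.
# Event ID 7045 in the Windows System log records a newly installed service.
PSEXEC_SERVICE_RULE = {
    "title": "PsExec-style Remote Service Installation",
    "logsource": {"product": "windows", "service": "system"},
    "tags": ["attack.lateral_movement", "attack.t1021.002",
             "attack.execution", "attack.t1569.002"],
    "detection": {
        "selection": {"EventID": 7045, "ImagePath|endswith": "\\PSEXESVC.exe"},
        # Tuning exclusion added after a purple-team run: hypothetical approved
        # patch-deployment account that legitimately uses PsExec.
        "filter_deploy_acct": {"AccountName": "svc_patchdeploy"},
        "condition": "selection and not filter_deploy_acct",
    },
}


def match_field(event, key, expected):
    """Compare one event field with a rule value, honouring Sigma modifiers
    (|contains, |startswith, |endswith) and list values (any-of). Case-insensitive."""
    field, _, modifier = key.partition("|")
    actual = event.get(field)
    if actual is None:
        return False
    for want in (expected if isinstance(expected, list) else [expected]):
        a, w = str(actual).lower(), str(want).lower()
        if modifier == "contains" and w in a:
            return True
        if modifier == "startswith" and a.startswith(w):
            return True
        if modifier == "endswith" and a.endswith(w):
            return True
        if modifier == "" and (actual == want or a == w):
            return True
    return False


def block_matches(event, block):
    """A Sigma selection/filter block is a conjunction of its field tests."""
    return all(match_field(event, k, v) for k, v in block.items())


def sigma_match(rule, event):
    """Evaluate the rule condition; supports 'a and b and not c' style conjunctions,
    which covers the common selection-minus-filter idiom."""
    detection = rule["detection"]
    results = {n: block_matches(event, b) for n, b in detection.items() if n != "condition"}
    verdict = True
    for term in detection["condition"].split(" and "):
        negate = term.startswith("not ")
        name = term[4:] if negate else term
        verdict = verdict and (results[name] != negate)
    return verdict


def find_beacons(conns, min_conns=6, max_cv=0.15):
    """Flag (src, dst, port) tuples whose inter-connection gaps are too regular
    (coefficient of variation <= max_cv), the classic C2 beacon signature.
    conns: iterable of (ts_seconds, src_ip, dst_ip, dst_port).
    Returns {tuple: (count, mean_gap_seconds, cv)}."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in conns:
        by_pair[(src, dst, port)].append(ts)
    beacons = {}
    for key, stamps in by_pair.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0
        if cv <= max_cv:
            beacons[key] = (len(stamps), round(avg, 1), round(cv, 3))
    return beacons


def purple_validate(rule, attack_events, benign_events):
    """Purple-team check: the rule must fire on every replayed attack event and
    on none of the known-benign ones. Returns (missed_attacks, false_positives)."""
    missed = [e for e in attack_events if not sigma_match(rule, e)]
    false_positives = [e for e in benign_events if sigma_match(rule, e)]
    return missed, false_positives


# Constructed Windows System log events (what a replayed PsExec run would produce).
ATTACK_EVENTS = [
    {"EventID": 7045, "ServiceName": "PSEXESVC", "ImagePath": "%SystemRoot%\\PSEXESVC.exe",
     "AccountName": "CORP\\jdoe", "Computer": "FILESRV01"},
]
BENIGN_EVENTS = [  # approved account, unrelated service, and a non-install event
    {"EventID": 7045, "ServiceName": "PSEXESVC", "ImagePath": "%SystemRoot%\\PSEXESVC.exe",
     "AccountName": "svc_patchdeploy", "Computer": "FILESRV01"},
    {"EventID": 7045, "ServiceName": "Sysmon64", "ImagePath": "C:\\Windows\\Sysmon64.exe",
     "AccountName": "CORP\\admin", "Computer": "FILESRV01"},
    {"EventID": 7036, "ServiceName": "PSEXESVC", "ImagePath": "%SystemRoot%\\PSEXESVC.exe",
     "AccountName": "CORP\\jdoe", "Computer": "FILESRV01"},
]
# Constructed Zeek conn.log style records: one ~60 s beacon with jitter, one browsing pattern.
CONNS = [(t, "10.0.0.23", "203.0.113.9", 443) for t in (0, 61, 119, 181, 240, 299, 361, 420)] + \
        [(t, "10.0.0.23", "198.51.100.7", 443) for t in (0, 5, 47, 130, 131, 300, 610)]

if __name__ == "__main__":
    missed, fps = purple_validate(PSEXEC_SERVICE_RULE, ATTACK_EVENTS, BENIGN_EVENTS)
    print(f"{PSEXEC_SERVICE_RULE['title']} [{', '.join(PSEXEC_SERVICE_RULE['tags'])}]")
    print(f"  missed attacks: {len(missed)}  false positives: {len(fps)}")
    for key, stats in find_beacons(CONNS).items():
        print(f"  beacon candidate {key}: count={stats[0]} mean_gap={stats[1]}s cv={stats[2]}")
```

The beacon threshold (`max_cv`) is the knob a purple-team run tunes: Cobalt Strike and Empire both add jitter, so a threshold that only catches perfectly periodic traffic will miss them, while one set too loose will flag keep-alives and update checks. The same replay-and-compare loop in `purple_validate` is what turns an Atomic Red Team test into evidence that a rule actually fires.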
root@omniforge:~/services# ./use-cases --list
- Building internal SOC capabilities
- Compliance requirements (log monitoring)
- Post-breach detection improvements
- Managed security service alternative
- Threat hunting program development
- Purple team capability building