SIEMZello is a comprehensive, AI-powered Security Information and Event Management platform designed to provide real-time threat detection, system monitoring, and intelligent security analytics. Built with modern technologies and machine learning algorithms, it offers an intuitive interface for managing and monitoring security across distributed systems.

• AI-powered anomaly detection with four specialized ML models
• Real-time log analysis for network, memory, disk, and process activities
• Two-stage network analysis: Detection + Classification
• Explainable AI with human-readable threat explanations

• Real-time agent metrics with 15-second auto-refresh
• Interactive dashboards with modern, responsive design
• System health aggregation across all monitored agents
• Performance trend analysis and historical data

• One-click agent deployment with automated SSH configuration
• Agent connectivity testing and status monitoring
• Secure credential management with encrypted storage
• Scalable architecture supporting multiple monitoring targets

• Advanced threat visualization with interactive charts
• Alert management system with severity classification
• Security event explorer with filtering and search
• Compliance reporting and audit trails

• Centralized log collection from all monitored systems
• Intelligent log categorization with ML-based classification
• Attack probability scoring for each security event
• Historical log analysis and trend identification

graph TB
    A[SIEMZello-ui<br/>React Dashboard] --> B[SIEMZello-api<br/>FastAPI Backend]
    B --> C[SIEMZello-ai<br/>ML Engine]
    B --> D[SQLite Database]
    B --> E[Kafka Streams]
    F[Monitored Agents] --> E
    C --> G[4 Specialized Models]
    G --> H[Threat Detection]
    G --> I[Attack Classification]
    G --> J[Anomaly Explanation]

• Next.js 15.2.4 - Modern React framework
• TypeScript - Type-safe development
• TailwindCSS - Utility-first styling
• shadcn/ui - Beautiful component library
• Recharts - Data visualization

• FastAPI - High-performance Python API
• SQLite - Lightweight database
• Kafka - Message streaming
• Pydantic - Data validation

• Scikit-learn - Machine learning models
• Pandas - Data processing
• NumPy - Numerical computations
• Custom Models - Domain-specific analyzers

# Clone the repository
git clone https://github.com/your-org/siemzello.git
cd siemzello

# Frontend setup
cd SIEMZello-ui/siemzello-ui
pnpm install && pnpm dev

# Backend setup
cd ../../SIEMZello-api
pip install -r requirements.txt
uvicorn app.main:app --reload

# AI Engine setup
cd ../SIEMZello-ai
pip install -r requirements.txt
uvicorn main:app --reload --port 5000

1. Add your first agent through the web interface
2. Configure SSH credentials for secure monitoring
3. Deploy monitoring scripts with one-click automation
4. Start monitoring and view real-time metrics

• Live CPU, memory, disk, and network metrics
• Agent connectivity status and health checks
• System performance trends and alerts
• Auto-refresh every 15 seconds

• Network traffic anomaly detection
• Memory usage pattern analysis
• Disk activity monitoring
• Process behavior analysis

• Threat probability scoring
• Attack type classification
• Security event correlation
• Automated incident response

• JWT Authentication - Secure API access
• SSH Key Management - Encrypted agent communication
• Role-based Access Control - User permission management
• Audit Logging - Complete action tracking
• Data Encryption - Sensitive information protection

You will find all the documentation in SIEMZello-Core

• 📋 Complete Installation Guide
• 🏗️ Architecture Overview
• 🔌 API Documentation
• 👨‍💻 Developer Setup
• 📊 Project Report

🎓 INSAT Computer Science Students

Academic Year 2024-2025

Youssef Hamdani Full-Stack & Security

Youssef Charfeddine Backend & Networks

Hamza Badreddine ML & AI

Rayen Hamza DevOps & Testing

Passionate computer science students from INSAT, dedicated to building innovative cybersecurity solutions that combine cutting-edge AI with practical security monitoring.

• 🔒 Enhanced Security: Proactive threat detection with AI-powered analysis
• ⚡ Real-time Monitoring: Instant visibility into system health and security
• 🧠 Intelligent Analysis: Machine learning models for accurate threat assessment
• 🎨 Modern Interface: Intuitive, responsive design for optimal user experience
• 📊 Data-Driven Insights: Comprehensive analytics for informed decision-making

• ✅ Complete SIEM Implementation - Full-featured security monitoring platform
• ✅ AI Integration - Four specialized ML models for threat detection
• ✅ Modern Architecture - Microservices with scalable design
• ✅ Real-time Processing - Live metrics and instant threat analysis
• ✅ Professional UI - Production-ready dashboard interface

This project is licensed under the MIT License - see the LICENSE file for details.

• Mobile Application - iOS and Android monitoring apps
• Cloud Deployment - AWS/Azure integration
• Advanced ML Models - Deep learning threat detection
• Integration APIs - Third-party security tools
• Compliance Modules - GDPR, HIPAA, SOX support