These labs are designed for people working on the front lines of support. That includes shelters and safe houses helping clients stay digitally safe, legal aid workers building cases, and technically minded advocates offering digital support. It can also be used by survivors directly on an extra PC.
The SIEM Stack helps uncover signs of digital surveillance—whether that’s stalkerware, remote access, or hidden tracking tools. It can show if someone is accessing a device without permission, support safe evidence collection if needed, and guide survivors through steps to secure their tech.
The systems are built to be privacy-respecting from the ground up, with all logs encrypted and anonymised to meet data protection laws.
It uses open-source tools originally built for cybersecurity teams, and adapts it for survivor support. You don’t need to be a tech expert. The systems come with setup scripts, checklists, and guides for identifying threats and responding safely. It is designed for real-world use—including in places without big budgets or in-house IT teams.
These SIEM stacks are currently under active development. That means things may change rapidly—features may shift, integrations may break, and some configurations are still experimental or untested in production environments. We are actively expanding documentation, adding sample configurations, and refining log correlation strategies across Zeek, Suricata, Sysmon, and Linux endpoints. Contributions, corrections, and field-tested improvements are most welcome.
Recommended architectures for deploying the SIEM stack, based on different organisational contexts and resource levels. All are built to support forensic collection, threat detection, and incident response, while upholding survivor privacy and legal compliance. Each can be tailored to shelter environments, advocacy networks, or decentralised community deployments.
This guide walks you through setting up the SIEM stack entirely from the ground up as pilot or for testing tools. Private, powerful, and in your hands – no containers or cloud required.
This step-by-step guide is designed for shelter staff with no technical background. It will help you set up a simple device that can check computers and phones for hidden tracking software used by abusers.
This guide covers the step-by-step process of setting up and using our pre-made hardened, production-ready containers, suitable for on-premise and cloud deployment.
This guide walks you through deploying the SIEM stack in a private cloud—ideal for shelters or advocacy organisations that operate across multiple locations. You’ll get remote access, centralised monitoring, and the same surveillance detection tools—without surrendering data control to big tech.