Minimal Install

Get the core SIEM stack running with the smallest footprint and no optional services.

← Back to Home

What This Includes

Falco (detection)
Falcosidekick (alert routing)
Log storage (VictoriaLogs or Loki, depending on stack)
Grafana (dashboards)

This excludes:

AI analysis API
Fleet management (Ansible)
Remote collectors
Threat intel updates
Sigma conversion

Prerequisites

Docker CE 20.10+ or Podman 4.0+ (rootful)
Linux kernel 5.8+
4GB RAM

Minimal Install

git clone https://github.com/matijazezelj/sib.git
cd sib
cp .env.example .env
make install

Minimal + Manual (If You Prefer Explicit Steps)

# For VictoriaMetrics stack (default, recommended)
make install-storage-vm
make install-grafana
make install-alerting
make install-detection

# Or for Grafana stack (Loki + Prometheus)
# make install-storage-grafana
# make install-grafana
# make install-alerting
# make install-detection

Verify

make health
./scripts/test-pipeline.sh

Next Steps

Quick Start
Troubleshooting
AI Analysis (optional)
Fleet Management (optional)

← Back to Home

Minimal Install - SIEM in a Box

A complete security monitoring stack you can deploy with one command. Runtime security detection with Falco, log aggregation with VictoriaLogs, and visualization with Grafana.

Minimal Install

What This Includes

Prerequisites

Minimal Install

Minimal + Manual (If You Prefer Explicit Steps)

Verify

Next Steps