
Installation Guide: Windows

This guide describes how to install CyberDoyen SIEM on Windows Server environments.

Supported Windows versions:

  • Windows Server 2019
  • Windows Server 2022

1. Pre-Installation Checklist

Before starting installation:

  • Ensure you are running as a user with Administrator privileges.
  • Verify that Windows is fully updated (latest patches).
  • Confirm that your server meets the System Requirements.
  • Ensure required ports (default: 9200, 5044, 5601) are open in the firewall.

Tip: It is strongly recommended to install CyberDoyen SIEM on a clean, dedicated server for optimal performance.


2. Download the Installer

  1. Download the latest CyberDoyen SIEM Windows package (CyberDoyenSIEM-Windows-x86_64.zip) from the official source.

  2. Place the downloaded ZIP file in a directory of your choice, e.g., C:\CyberDoyen.


3. Extract the Package

  1. Right-click the ZIP file and select Extract All….
  2. Extract to C:\CyberDoyen or another directory (avoid spaces in the path if possible).

After extraction, you should see the following folders:

  • /bin - Startup scripts and management tools
  • /config - Configuration files
  • /data - Data storage directory
  • /logs - Application logs
  • /modules - Plugins and modules

4. Configure CyberDoyen SIEM

Minimal configuration is required to get started:

  1. Open C:\CyberDoyen\config\cyberdoyen.yml in a text editor (e.g., Notepad++ or VS Code).

  2. Review and update the following settings:

# cyberdoyen.yml
server:
  host: "0.0.0.0"
  port: 5601
elasticsearch:
  host: "localhost"
  port: 9200
logging:
  path: "C:/CyberDoyen/logs"

  3. Save and close the configuration file.

Note: Advanced configuration (TLS, user roles, cluster setup) is covered in the Configuration Guide.


5. Start the SIEM Server

  1. Open Command Prompt as Administrator.

  2. Navigate to the CyberDoyen directory:

cd C:\CyberDoyen\bin

  3. Start the server:

start-siem.bat

The server will initialize, start internal services (Elasticsearch, Filebeat, Web UI), and begin listening for events.


6. Access the Web Interface

Once the server is running:

  1. Open a web browser.
  2. Visit: http://localhost:5601 

You should see the CyberDoyen SIEM dashboard.

Tip: If accessing remotely, use http://<server-ip>:5601 and ensure the Windows Firewall allows traffic on port 5601.


7. Verifying the Installation

Check that:

  • Web UI loads without errors.
  • Logs are generated under C:\CyberDoyen\logs.
  • Processes are running (Elasticsearch, Filebeat, SIEM API Server).

You can also check logs by viewing:

notepad C:\CyberDoyen\logs\cyberdoyen.log

Look for the line "Started CyberDoyen SIEM successfully" in the log.
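
The checks in this section can be scripted from an elevated PowerShell prompt. The script below is an added example, not part of the CyberDoyen package or its documentation; it assumes the default install directory, ports and log message given in this guide. For each default port it also reports the bind address, so you can see which services are reachable from the network (for example, the Web UI when server.host is "0.0.0.0") and which listen on loopback only.

```powershell
# Added example: post-install check for a default CyberDoyen SIEM install.
# Paths, ports and the success string are the ones given in this guide;
# adjust $InstallDir if you extracted the package elsewhere.
$InstallDir = 'C:\CyberDoyen'
$LogFile    = Join-Path $InstallDir 'logs\cyberdoyen.log'
$Ports      = 9200, 5044, 5601
$Marker     = 'Started CyberDoyen SIEM successfully'

# 1. Startup marker in the application log.
if (-not (Test-Path $LogFile)) {
    Write-Warning "Log file not found: $LogFile"
} elseif (Select-String -Path $LogFile -SimpleMatch -Pattern $Marker -Quiet) {
    Write-Host "[OK]   Startup marker found in $LogFile"
} else {
    Write-Warning "Startup marker not found; last lines of the log:"
    Get-Content $LogFile -Tail 20
}

# 2. Listeners on the default ports: owning process and bind address.
foreach ($port in $Ports) {
    $listeners = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
    if (-not $listeners) {
        Write-Warning "Nothing is listening on TCP $port"
        continue
    }
    foreach ($l in $listeners) {
        $proc = (Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        # Loopback listeners are reachable only from this host; any other
        # bind address is reachable from the network if the firewall allows it.
        $scope = if ($l.LocalAddress -in '127.0.0.1', '::1') { 'loopback only' } else { 'network-reachable' }
        Write-Host ("[INFO] TCP {0,-5} {1,-15} {2,-18} pid {3} ({4})" -f $port, $l.LocalAddress, $scope, $l.OwningProcess, $proc)
    }
}

# 3. Web UI answers over HTTP on the local interface.
try {
    $resp = Invoke-WebRequest -Uri 'http://localhost:5601' -UseBasicParsing -TimeoutSec 10
    Write-Host "[OK]   Web UI responded with HTTP $($resp.StatusCode)"
} catch {
    Write-Warning "Web UI check failed: $($_.Exception.Message)"
}
```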


8. Troubleshooting

Issue | Solution
Port 5601 not reachable | Check Windows Firewall rules and open the port
Server startup failure | Check logs under /logs for error messages
Configuration file errors | Verify syntax in cyberdoyen.yml (YAML is indentation-sensitive)
Service not starting | Ensure no existing service is using ports 9200/5601

For more detailed troubleshooting, refer to the Troubleshooting Guide.


Next Steps

➡️ Proceed to Configuration Guide to set up ingestion pipelines, security rules, and dashboards.
