# Building an Open SIEM From Scratch

## Introduction

Building a SIEM from open-source components can be particularly challenging, but it is also much more fun. In this article series I will try to share how we can overcome some of the basic challenges we face while building such a toolset, such as:

* **Data normalization**
* **Event collection and processing**
* **Alerting: time-based vs. event-centric correlation**
* **Visualizations and dashboarding**
* **SIEM metrics and reporting**

I will be using the following tools:

* **Elastic Stack: Elasticsearch, Kibana, Logstash, and Beats for collecting, processing, storing, and searching data**
* **OpenDistro for Elasticsearch plugins for Alerting and Security**
* **ElastAlert for additional alerting features**
