🧞Building an Open SIEM From Scratch

I have used Elastic Stack few times whether in a Threat Hunting Lab or Detection & Behavior analysis contexts. This series of blogs is about sharing what I learned in the process.

Introduction

Building a SIEM based on open-sourced solutions can be particularly challenging but also much more fun. In this article series I will try to share how can we overcome some of the basic challenges that we may face during building such toolsets like:

Data normalization.
Event collection and processing.
Alerting : Time-based vs Event-Centric correlation
Visualizations and Dashboarding
SIEM metrics and reporting

I will be using the following tools:

Elastic Stack: Elasticsearch, Kibana, Logstash, and Beats for collecting, processing, storing, and searching data.
OpenDistro for Elasticsearch plugins for Alerting and Security.
ElastAlert for additional alerting features

PreviousAbout Cyb3rSn0rlax Next1. Introduction to Elastic Stack

Last updated 4 years ago