Dsiem is a security event correlation engine for the ELK stack, allowing the platform to be used as a dedicated and full-featured SIEM system. Dsiem provides OSSIM-style correlation for normalized logs/events, performs lookups/queries against threat intelligence and vulnerability information sources, and produces risk-adjusted alarms.

Features:
- Runs in standalone or clustered mode with NATS as the messaging bus between frontend and backend nodes. Along with ELK, this makes the entire SIEM platform horizontally scalable.
- OSSIM-style correlation and directive rules, easing the transition from OSSIM.
- Alarm enrichment with data from threat intel and vulnerability information sources. Builtin support for Moloch Wise (which supports Alienvault OTX and others) and Nessus CSV exports. Support for other sources can easily be implemented as plugins.
- Instrumentation supported through Metricbeat and/or Elastic APM server. No extra stack is needed for this purpose.
- Builtin rate and back-pressure control: set the minimum and maximum events/second (EPS) received from Logstash depending on your hardware...
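An added illustration, constructed here and not Dsiem's own code, of the OSSIM-style staged correlation and risk-adjusted scoring described above: a directive whose stages fire in order per source IP, with the OSSIM risk formula applied to the reliability of the last completed stage. The risk formula, the low/medium/high thresholds, the event field names and the sample events are all assumptions.

```python
# Constructed example of OSSIM-style directive correlation with risk scoring.
# Not Dsiem's implementation; formula, thresholds and event fields are assumed.
from dataclasses import dataclass


@dataclass
class Stage:
    plugin_sid: int    # normalized event signature id this stage matches
    occurrence: int    # matching events needed to complete the stage
    reliability: int   # 0-10 confidence once the stage completes


@dataclass
class Directive:
    name: str
    priority: int      # 1-5 analyst-assigned importance
    stages: list       # ordered Stage objects


def risk_score(priority: int, reliability: int, asset_value: int) -> int:
    # OSSIM risk formula (assumed): priority * reliability * asset_value / 25, capped at 10
    return min(10, round(priority * reliability * asset_value / 25))


def risk_level(risk: int) -> str:
    # Assumed bucketing: 1-2 low, 3-6 medium, 7-10 high
    return "high" if risk >= 7 else "medium" if risk >= 3 else "low"


def correlate(directive: Directive, events: list, asset_value: int) -> dict:
    """Walk events through the stages in order, keeping one backlog per source IP.

    Later stages only count events from the source that matched stage 1 (the
    OSSIM "from: :1" reference). Returns, per source that matched at least one
    stage, the last completed stage and the risk from its reliability.
    """
    backlog = {}  # src_ip -> [next stage index, count in that stage, reliability]
    for ev in events:
        state = backlog.setdefault(ev["src_ip"], [0, 0, 0])
        idx, count, rel = state
        if idx >= len(directive.stages):
            continue  # directive already fully matched for this source
        st = directive.stages[idx]
        if ev["plugin_sid"] == st.plugin_sid:
            count += 1
            if count >= st.occurrence:
                idx, count, rel = idx + 1, 0, st.reliability
            state[:] = [idx, count, rel]
    return {src: {"stage": s[0], "risk": risk_score(directive.priority, s[2], asset_value),
                  "level": risk_level(risk_score(directive.priority, s[2], asset_value))}
            for src, s in backlog.items() if s[0] > 0}


# Constructed directive: repeated failed logins (sid 100) followed by a success (sid 101)
BRUTE_FORCE = Directive("ssh brute force then success", 3,
                        [Stage(100, 1, 1), Stage(100, 5, 6), Stage(101, 1, 10)])
SAMPLE_EVENTS = ([{"src_ip": "10.0.0.5", "plugin_sid": 100}] * 3 + [{"src_ip": "10.0.0.9", "plugin_sid": 100}]
                 + [{"src_ip": "10.0.0.5", "plugin_sid": 100}] * 3 + [{"src_ip": "10.0.0.9", "plugin_sid": 100}]
                 + [{"src_ip": "10.0.0.5", "plugin_sid": 101}])

if __name__ == "__main__":
    print(correlate(BRUTE_FORCE, SAMPLE_EVENTS, asset_value=5))
```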
What is the difference between DSIEM and HELK?