Dsiem - Security event correlation engine for ELK stack


Dsiem is a security event correlation engine for the ELK stack, allowing the platform to be used as a dedicated and full-featured SIEM system. Dsiem provides OSSIM-style correlation for normalized logs/events, performs lookups/queries against threat intelligence and vulnerability information sources, and produces risk-adjusted alarms.

Features

Runs in standalone or clustered mode, with NATS as the messaging bus between frontend and backend nodes. Together with ELK, this makes the entire SIEM platform horizontally scalable.

OSSIM-style correlation and directive rules, which make the transition from OSSIM easier.

Alarm enrichment with data from threat intel and vulnerability information sources. Built-in support for Moloch Wise (which supports AlienVault OTX and others) and Nessus CSV exports. Support for other sources can easily be implemented as plugins.

Instrumentation through Metricbeat and/or Elastic APM server; no extra stack is needed for this purpose.

Built-in rate and back-pressure control: set the minimum and maximum events per second (EPS) received from Logstash depending on your hardware....
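To show what "OSSIM-style correlation with risk-adjusted alarms" means in practice, here is an added, self-contained example. It is not Dsiem's code: the event schema, directive field names and sample events are this example's own construction. A directive is a sequence of stages; each stage is satisfied by a given number of matching events within a timeout and grants a reliability value, which is combined with the target's asset value and the directive's priority through the OSSIM risk formula (asset * priority * reliability / 25). The ":1" address notation ("same address as matched at stage 1") and the rule that no alarm is raised while risk is below 1 follow OSSIM and are assumptions here.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Event:
    """Normalized event as Logstash would hand it to the SIEM (fields are this example's own)."""
    ts: datetime
    plugin_id: int   # sensor/parser id
    plugin_sid: int  # signature id within that plugin
    src: str
    dst: str


@dataclass
class Rule:
    """One directive stage. from_/to are "ANY" or ":1" (same address as at stage 1)."""
    plugin_id: int
    plugin_sid: int
    occurrence: int   # events needed to satisfy the stage
    reliability: int  # 0-10, granted once the stage is satisfied
    from_: str = "ANY"
    to: str = "ANY"
    timeout: Optional[timedelta] = None  # window to satisfy the stage; None = unlimited


@dataclass
class Directive:
    name: str
    priority: int  # 1-5
    rules: list


@dataclass
class Alarm:
    directive: str
    src: str
    dst: str
    reliability: int = 0
    risk: float = 0.0


@dataclass
class Backlog:
    """Live directive instance opened by a stage-1 match; stage == len(rules) means finished/expired."""
    directive: Directive
    src: str
    dst: str
    last_seen: datetime
    stage: int = 0
    count: int = 0
    alarm: Optional[Alarm] = None


def risk(asset: int, priority: int, reliability: int) -> float:
    """OSSIM risk formula: asset (0-5) * priority (1-5) * reliability (0-10) / 25 -> 0..10."""
    return asset * priority * reliability / 25


def addr_match(pattern: str, addr: str, stage1: str) -> bool:
    return pattern == "ANY" or (pattern == ":1" and addr == stage1) or pattern == addr


class Engine:
    def __init__(self, directives, asset_value, default_asset=2):
        self.directives, self.asset_value, self.default_asset = directives, asset_value, default_asset
        self.backlogs, self.alarms = [], []

    def _advance(self, b: Backlog, ev: Event):
        """Count one matching event; once the stage is satisfied, recompute risk from the
        target's asset value, raise or update the alarm (only if risk >= 1) and move on."""
        b.count, b.last_seen = b.count + 1, ev.ts
        rule = b.directive.rules[b.stage]
        if b.count < rule.occurrence:
            return
        r = risk(self.asset_value.get(b.dst, self.default_asset), b.directive.priority, rule.reliability)
        if r >= 1:
            if b.alarm is None:
                b.alarm = Alarm(b.directive.name, b.src, b.dst)
                self.alarms.append(b.alarm)
            b.alarm.reliability, b.alarm.risk = rule.reliability, r
        b.stage, b.count = b.stage + 1, 0

    def process(self, ev: Event):
        """Feed ev to open backlogs (expiring those whose stage window has passed), then open
        a backlog per directive whose stage-1 rule matches, unless one is open for that src/dst."""
        open_keys = set()
        for b in self.backlogs:
            if b.stage >= len(b.directive.rules):
                continue
            rule = b.directive.rules[b.stage]
            if rule.timeout is not None and ev.ts - b.last_seen > rule.timeout:
                b.stage = len(b.directive.rules)  # window missed: expire without an alarm
                continue
            open_keys.add((b.directive.name, b.src, b.dst))
            if (ev.plugin_id, ev.plugin_sid) == (rule.plugin_id, rule.plugin_sid) \
                    and addr_match(rule.from_, ev.src, b.src) and addr_match(rule.to, ev.dst, b.dst):
                self._advance(b, ev)
        for d in self.directives:
            rule = d.rules[0]
            if (ev.plugin_id, ev.plugin_sid) != (rule.plugin_id, rule.plugin_sid) \
                    or (d.name, ev.src, ev.dst) in open_keys:
                continue
            b = Backlog(d, ev.src, ev.dst, ev.ts)
            self.backlogs.append(b)
            self._advance(b, ev)


def run_demo() -> Engine:
    """Replay constructed sample events through one three-stage directive."""
    d = Directive("SSH brute force after recon", priority=5, rules=[
        Rule(1001, 2100, occurrence=1, reliability=1),                                               # port scan
        Rule(1001, 2200, occurrence=3, reliability=6, from_=":1", to=":1", timeout=timedelta(minutes=5)),   # SSH failures
        Rule(1001, 2201, occurrence=1, reliability=10, from_=":1", to=":1", timeout=timedelta(minutes=10)), # SSH success
    ])
    eng = Engine([d], asset_value={"10.0.0.5": 4})  # hypothetical asset values, 0-5 per target
    t0 = datetime(2019, 12, 18)
    ev = lambda sec, sid, src: Event(t0 + timedelta(seconds=sec), 1001, sid, src, "10.0.0.5")
    # Constructed sample: two hosts scan; the first fails SSH three times then logs in
    # (risk 0.8 -> 4.8 -> 8.0); the second retries 20 minutes later, outside the stage-2 window.
    for e in [ev(0, 2100, "203.0.113.7"), ev(5, 2100, "198.51.100.9"),
              ev(10, 2200, "203.0.113.7"), ev(30, 2200, "203.0.113.7"), ev(40, 2200, "203.0.113.7"),
              ev(60, 2201, "203.0.113.7"), ev(1200, 2200, "198.51.100.9")]:
        eng.process(e)
    return eng


if __name__ == "__main__":
    for a in run_demo().alarms:
        print(f"{a.directive}: {a.src} -> {a.dst} reliability={a.reliability} risk={a.risk:.1f}")
```

Two details are worth noticing: the port scan alone satisfies stage 1 but yields a risk of 0.8, so nothing is raised until the brute-force stage lifts reliability to 6, and the single alarm is updated in place rather than duplicated as later stages complete; the second scanning host never progresses because its follow-up arrives outside the stage-2 timeout.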

December 18, 2019
MangoLinux
4 years ago

What is the difference between DSIEM and HELK ?

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023