Session: Siembol – an open-source real time SIEM based on big data technologies

Siembol is an in-house developed security data processing application, forming the core of an internal Security Data Platform.

This talk is one of the first public introductions of this tool, and will include a demo (if possible).

Following the experience of using Splunk, and as early adopters of Apache Metron, the team needed a highly efficient, real-time event processing engine with fewer limitations and more enhanced features, and so developed one. With Metron now retired, Siembol hopes to give the community an evolved alternative.

How Siembol improves upon Metron:

  • Components for alert escalation
  • Ability to integrate with other systems
  • Advanced parsing framework for building fault tolerant parsers
  • Enhanced enrichment component allowing for defining rules and joining enrichment tables
  • Configurations and rules defined by a modern Angular web application siembol UI and stored in git repositories
  • Supports oauth2/oidc for authentication and authorization in siembol UI
  • Easy installation for use with prepared docker images and helm charts

Siembol Use Cases:

  • SIEM log collection using open-source technologies
  • Detection of leaks and attacks on infrastructure

Siembol is an open-source project shared under Apache 2.0, going public on April 26, 2021.

https://github.com/G-Research/siembol
http://siembol.io

Presenters: