Session: Siembol – an open-source real time SIEM based on big data technologies
Siembol is an in-house developed security data processing application, forming the core of an internal Security Data Platform.
This talk is one of the first public introductions of this tool, and will include a demo (if possible).
Following the experience of using Splunk, and as early adopters of Apache Metron, the team needed and thus developed a highly efficient, real-time event processing engine with fewer limitations and more enhanced features. With Metron now retired, Siembol hopes to give the community an evolved alternative.
How Siembol improves upon Metron:
- Components for alert escalation
- Ability to integrate with other systems
- Advanced parsing framework for building fault tolerant parsers
- Enhanced enrichment component allowing for defining rules and joining enrichment tables
- Configurations and rules defined by a modern Angular web application siembol UI and stored in git repositories
- Supports oauth2/oidc for authentication and authorization in siembol UI
- Easy installation for use with prepared docker images and helm charts
Siembol Use Cases:
- SIEM log collection using open-source technologies
- Detection tool for detection of leaks and attacks on infrastructure
Siembol is an open-source project shared under Apache 2.0, going public on April 26, 2021.