
Elkeid HUB

Elkeid HUB is a rule/event processing engine maintained by the Elkeid Team. It supports streaming and offline data processing (offline processing is not yet supported by the community edition). It was designed to meet complex data/event processing and external-system linkage requirements through standardized rules.

Core Components

  • INPUT: the data input layer; the community edition supports only Kafka.
  • RULEENGINE/RULESET: the core components for data detection, external data linkage, and data processing.
  • OUTPUT: the data output layer; the community edition supports only Kafka/ES.
  • SMITH_DSL: used to describe the data flow relationships.

Application Scenarios

  • Simple HIDS
  • IDS-like scenarios
  • Multiple input and output scenarios

Advantages

  • High Performance
  • Very Few Dependencies
  • Supports Complex Data Processing
  • Custom Plugin Support
  • Supports Building Stateful Logic
  • Supports External System/Data Linkage

Elkeid Internal Best Practices

  • Elkeid HUB processes raw data from Elkeid HIDS/RASP/Sandbox/K8s auditing, etc., at a TPS of 120+ million/s, with 6000+ HUB scheduling instances.
  • 99% of alarms are produced in less than 0.5s.
  • 2000+ internally maintained rules.

Elkeid-HUB Function List

Ability List Elkeid Community Edition Elkeid Enterprise Edition
Streaming data processing
Data input, output capability
Full frontend support
Monitoring capability
Plugin support
Debug support
Offline data processing 🙅‍♂️
Data Persistence capability 🙅‍♂️
Workspace 🙅‍♂️
Cluster mode 🙅‍♂️
Online upgrade strategy 🙅‍♂️

Front-end Display (Community Edition)

Overview

Edit Rule

Edit HUB Project

Edit HUB Python Plugin

Submission Rules

Getting Started

Elkeid HUB Handbook (Chinese Version Only)

Handbook

Demo Config

Demo

Elkeid HIDS Rule and Project (Example Only)

Elkeid Project

(Must be used together with Elkeid)

LICENSE (Not Business Friendly)

LICENSE

Contact us && Cooperation