-
Notifications
You must be signed in to change notification settings - Fork 104
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support security analytics - Threat detection, intrusion detection #109
Comments
Would be nice to have a whole plugin for it? |
@HarishHary, Here are some of the high level requirements we are thinking of supporting
|
@praveensameneni Is this planned for 2.0? |
|
Shouldnt the log sources be parsed by fluentbit or something similar and transformed to something like ECS? Example configs would be nice for this. Automatic detection based on live threat Intel would be cool as well, something like how Suricata does it with its rules that are updated frequently. Really like the feature, especially given the prices of Sentinel, Splunk, Elastic, etc. |
Please provide feedback on the RFC for security analytics - |
Closing in favor of the new Meta issue created in the Security Analytics Repo : opensearch-project/security-analytics#7 |
Support an open-source solution for security operations in OpenSearch, which addresses the cost and the complexity of commercial SIEM solutions. Security Analytics’ threat detection engine is pre-loaded with a rich set of threat detection rules, which define conditional logic to apply to the ingested log records
The text was updated successfully, but these errors were encountered: