Open source security event correlation engine for Elastic stack

DSIEM provides OSSIM-style correlation for normalized logs/events stored in Elastic platform, queries threat intelligence and vulnerability information sources, and produces risk-adjusted alarms.

Horizontally Scalable

Runs in standalone or clustered mode with NATS as messaging bus between frontend and backend nodes. Along with Elastic, this makes the entire SIEM platform horizontally scalable.

Alarms Enrichment

Enriches alarms with information from threat intelligence and vulnerability information sources. Built-in support for Moloch Wise and Nessus CSV exports. Other sources can be integrated easily through plugins.
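The enrichment step described above, as an added example that is not dsiem's own code: a small Go program that parses a constructed CSV laid out like a Nessus export (a subset of the standard export columns, assumed here), looks the alarm's addresses up in a constructed in-memory threat-intel table standing in for a Wise query, and scores the alarm with the OSSIM risk formula (priority × reliability × asset value / 25), which is assumed here to be the "OSSIM-style" risk adjustment the page refers to. The `Alarm` type, its field names and the functions are hypothetical.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"strconv"
	"strings"
)

// Alarm is a hypothetical, minimal alarm record (not dsiem's own struct).
type Alarm struct {
	Title   string
	SrcIP   string
	DstIP   string
	DstPort int
	Risk    int
	Intel   []string // threat-intel hits, as "ip:label"
	Vulns   []string // vulnerability findings matching DstIP:DstPort
}

// vulnFinding holds the columns needed from a Nessus-style CSV row.
type vulnFinding struct {
	Host string
	Port int
	Risk string // Nessus severity text: None, Low, Medium, High, Critical
	Name string
}

// nessusCSV is constructed sample data in the shape of a Nessus CSV export
// (a subset of its standard columns); these are not real findings.
const nessusCSV = `Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name
10000,,5.0,Medium,10.0.0.5,tcp,22,Sample SSH finding
10001,,7.5,High,10.0.0.5,tcp,445,Sample SMB finding
10002,,0.0,None,10.0.0.9,tcp,80,Sample informational finding
`

// threatIntel is a constructed in-memory feed standing in for a Wise lookup.
var threatIntel = map[string]string{
	"203.0.113.7": "scanner", // documentation address, sample only
}

// parseNessusCSV reads the export by header name so column order does not matter.
func parseNessusCSV(data string) ([]vulnFinding, error) {
	rows, err := csv.NewReader(strings.NewReader(data)).ReadAll()
	if err != nil {
		return nil, err
	}
	if len(rows) == 0 {
		return nil, fmt.Errorf("empty export")
	}
	col := make(map[string]int, len(rows[0]))
	for i, h := range rows[0] {
		col[h] = i
	}
	for _, need := range []string{"Host", "Port", "Risk", "Name"} {
		if _, ok := col[need]; !ok {
			return nil, fmt.Errorf("missing column %q", need)
		}
	}
	var out []vulnFinding
	for _, r := range rows[1:] {
		port, err := strconv.Atoi(r[col["Port"]])
		if err != nil {
			return nil, fmt.Errorf("bad port %q: %w", r[col["Port"]], err)
		}
		out = append(out, vulnFinding{Host: r[col["Host"]], Port: port, Risk: r[col["Risk"]], Name: r[col["Name"]]})
	}
	return out, nil
}

// ossimRisk is the OSSIM risk formula (priority 0..5, reliability 0..10,
// asset value 0..5), clamped to the 0..10 scale OSSIM reports.
func ossimRisk(priority, reliability, assetValue int) int {
	r := priority * reliability * assetValue / 25
	if r < 0 {
		return 0
	}
	if r > 10 {
		return 10
	}
	return r
}

// enrich annotates an alarm with threat-intel and vulnerability hits. Findings
// are matched on host and port so an unrelated service's finding is not attached,
// and informational (Risk "None") rows are skipped.
func enrich(a Alarm, findings []vulnFinding, intel map[string]string) Alarm {
	for _, ip := range []string{a.SrcIP, a.DstIP} {
		if label, ok := intel[ip]; ok {
			a.Intel = append(a.Intel, ip+":"+label)
		}
	}
	for _, f := range findings {
		if f.Host == a.DstIP && f.Port == a.DstPort && f.Risk != "None" {
			a.Vulns = append(a.Vulns, f.Name)
		}
	}
	return a
}

func main() {
	findings, err := parseNessusCSV(nessusCSV)
	if err != nil {
		panic(err)
	}
	a := Alarm{Title: "Sample SMB probe", SrcIP: "203.0.113.7", DstIP: "10.0.0.5", DstPort: 445}
	a.Risk = ossimRisk(3, 8, 4) // 96/25 = 3
	a = enrich(a, findings, threatIntel)
	fmt.Printf("%s risk=%d intel=%v vulns=%v\n", a.Title, a.Risk, a.Intel, a.Vulns)
}
```

In a deployment the map would be replaced by a query to Wise or another feed and the CSV would be a real Nessus export; matching findings on host and port rather than host alone is what keeps a finding on port 22 from being attached to an alarm about port 445, and reading columns by header name keeps the parser working if the export adds or reorders columns.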

Modern Architecture

A cloud-native, 12-factor app that is loosely coupled and designed to be composable with other infrastructure platforms. DSIEM can even be used as an OSSIM-style correlation engine for a non-Elastic stack.

DSIEM helps you collect logs from various sources. These logs are then analyzed to determine whether they are normalized logs/events; if not, DSIEM creates an alarm and sends it to the final SIEM alarm index in Elasticsearch. This makes it easier to monitor your existing and new alarms in one platform: you just sit back and relax and let DSIEM decide whether incoming logs/events are safe or not.

Gain Full Visibility for Faster Threat Response

The alarm list in DSIEM lets you keep an eye on all of your alarms. You can change the status of an alarm to open, in-progress, or closed, and you can tag it as identified threat, false positive, valid threat, or security incident.

Visualize Data and Get Insights in Real-Time

Through the Kibana Dashboard, DSIEM helps you bring together all your visualizations, searches, and maps in real time, giving you insights into all your data at your fingertips from a single dashboard.

APM Integration for Easier Transaction Tracking

With the APM Integration dashboard, DSIEM helps you track five types of transactions: log source to frontend, frontend to backend, directive event processing, threat intel lookup, and vulnerability lookup.

Why DSIEM?

As the volume of logs being generated continues to increase, you need a SIEM solution that is scalable and can process large amounts of data efficiently. DSIEM not only scales to keep up with your business but is also capable of storing, processing, and analyzing large amounts of data, helping IT administrators gain insights and be alerted in real time when an incident occurs, so they can respond as quickly as possible.

Download