Is SIEM functional?

Hello people of the forum! I’m trying to find a definitive answer on the usage of the Elastic SIEM. From what I’m reading, OD uses the open source license. A basic license from Elastic appears to be required for SIEM feature usage; however, when you go to the Kibana start page you are presented with the intro page, which specifically calls out the SIEM features in the upper right. After much googling and searching in the forum, there isn’t a lot of info on the SIEM features, but I would think that if it didn’t work in OD it wouldn’t be shown.

The questions:

Can someone please clarify for me if the SIEM feature set works? I’ve just upgraded to OD 1.6.0 in a self hosted Docker setup.

Is there an official feature matrix that compares and contrasts OD vs. Elastic direct?

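A quick way to settle the first question on your own cluster is to ask the node which build it is rather than reading the Kibana tiles. Elasticsearch reports `version.build_flavor` in the `GET /` response (`oss` for the Apache-licensed build that Open Distro ships, `default` for Elastic's X-Pack distribution), and only the default distribution answers `GET /_license`. The script below is an added example, not code from this thread or from the Open Distro project; the host name, the credentials parameter, and the sample responses are constructed assumptions, shaped after the real API answers.

```python
"""Classify an Elasticsearch node: OSS build (Open Distro) or Elastic's
default distribution with an active X-Pack license.

Added example, not code from the forum thread or the Open Distro project.
Assumptions: the SIEM app needs the default distribution plus at least an
active basic license (what the post reports reading); base_url and the
auth tuple are placeholders for your own deployment.
"""
import base64
import json
import ssl
import urllib.error
import urllib.request
from typing import Optional


def classify_node(root: dict, license_resp: Optional[dict]) -> dict:
    """Combine the GET / and GET /_license answers into one verdict.

    root         -- parsed JSON of GET /
    license_resp -- parsed JSON of GET /_license, or None when the endpoint
                    is absent (the OSS build has no /_license handler)
    """
    version = root.get("version", {})
    flavor = version.get("build_flavor", "unknown")
    license_type = None
    if license_resp and "license" in license_resp:
        info = license_resp["license"]
        if info.get("status") == "active":
            license_type = info.get("type")
    return {
        "version": version.get("number"),
        "build_flavor": flavor,
        "license": license_type,
        # Both conditions must hold; an OSS node never satisfies the first.
        "siem_possible": flavor == "default" and license_type is not None,
    }


def fetch_json(url: str, auth: Optional[tuple] = None, timeout: float = 5,
               context: Optional[ssl.SSLContext] = None) -> Optional[dict]:
    """GET a JSON document; return None when the route does not exist.

    auth is (user, password) for the Open Distro security plugin's HTTP basic
    auth. Pass an SSLContext loaded with your cluster CA rather than disabling
    verification when the plugin serves TLS with its own certificate.
    """
    req = urllib.request.Request(url)
    if auth:
        token = base64.b64encode(f"{auth[0]}:{auth[1]}".encode()).decode()
        req.add_header("Authorization", f"Basic {token}")
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=context) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        # OSS builds answer /_license with "no handler found" (400/404).
        if err.code in (400, 404):
            return None
        raise


def probe(base_url: str = "https://localhost:9200", auth: Optional[tuple] = None,
          context: Optional[ssl.SSLContext] = None) -> dict:
    """Run both requests against a live node and classify it."""
    root = fetch_json(f"{base_url}/", auth, context=context)
    lic = fetch_json(f"{base_url}/_license", auth, context=context)
    return classify_node(root or {}, lic)


# Constructed sample responses (not captured from a real cluster).
SAMPLE_OSS_ROOT = {
    "name": "odfe-node1",
    "version": {"number": "7.6.1", "build_flavor": "oss", "build_type": "docker"},
}
SAMPLE_DEFAULT_ROOT = {
    "name": "es-node1",
    "version": {"number": "7.6.1", "build_flavor": "default", "build_type": "docker"},
}
SAMPLE_BASIC_LICENSE = {"license": {"status": "active", "type": "basic"}}
SAMPLE_EXPIRED_LICENSE = {"license": {"status": "expired", "type": "trial"}}


if __name__ == "__main__":
    print(classify_node(SAMPLE_OSS_ROOT, None))
    print(classify_node(SAMPLE_DEFAULT_ROOT, SAMPLE_BASIC_LICENSE))
    # Replace with probe("https://your-host:9200", ("admin", "password"),
    # context=ssl.create_default_context(cafile="root-ca.pem")) for a live node.
```

Against an Open Distro node the first call reports `build_flavor: oss` and no license, so the Kibana SIEM tile is a link to an app that cannot run there; a `default` flavor with an active basic license is the minimum the SIEM app needs.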

You could try out SIEMonster, they have a full SIEM toolset integration with OpenDistro that’s available in a community edition.


Hi @weekendatbernies thanks for the pointer. Is this the toolset you referred to? SIEMonster | Affordable Security Monitoring Software Solution

Yes, that’s it. I heard that a new community edition release is coming out in the next 2 weeks with many updates, including the Open Distro Anomaly Detection.

Great. Thanks for the update.

Has it been released yet?

Confirming that the new SIEMonster community edition has just been released. Also includes SOAR functionality built on NSA’s Walkoff.
https://siemonster.com/download-community-edition/