SIEM in Open Distro

Hello,

Please, I want to know if there is any open-source module from Open Distro that can be added to the ELK stack, like Detections.
Thank you in advance.


Personally, I’ve never used the module you’re describing, but glancing at the documentation, it looks like it has some overlap with the Anomaly Detection plugin.

Also Wazuh uses Open Distro in their stack, but I think that’s more of a top-to-bottom SIEM solution than a standalone module.

In fact, I used Winlogbeat and Sysmon on a Windows machine to forward logs to the Elastic Stack, and Detections was a very good solution for providing MITRE ATT&CK techniques…
So I'm searching for a solution that can give me the MITRE ATT&CK results like "Detections" did.

Hi @opendistro1

You can build your own detection using the Alerting plugin …
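A worked example of the approach mentioned above, added here and not part of the thread or of the Open Distro project: one Sysmon process-creation detection (Office application spawning PowerShell, ATT&CK T1059.001) written as an Alerting monitor and created over the plugin's REST API. The Winlogbeat 7.x ECS field names, the cluster address and demo credentials, the 5-minute schedule and the destination id placeholder are all assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes winlogbeat-* indices in the
# Winlogbeat 7.x ECS layout, Open Distro at https://localhost:9200 with the
# demo admin credentials, and an existing Alerting destination whose id
# replaces the placeholder below.

# Print the monitor definition. Every 5 minutes it searches the last 5 minutes
# of Sysmon Event ID 1 for powershell.exe whose parent is WINWORD.EXE and fires
# the trigger when at least one document matches. Wildcards on keyword fields
# are case-sensitive, so match the casing Sysmon records on your hosts.
monitor_body() {
  cat <<'EOF'
{
  "type": "monitor",
  "name": "Sysmon: Office application spawning PowerShell (ATT&CK T1059.001)",
  "enabled": true,
  "schedule": { "period": { "interval": 5, "unit": "MINUTES" } },
  "inputs": [{ "search": {
    "indices": ["winlogbeat-*"],
    "query": { "size": 0, "query": { "bool": { "filter": [
      { "range": { "@timestamp": { "gte": "now-5m" } } },
      { "term": { "winlog.channel": "Microsoft-Windows-Sysmon/Operational" } },
      { "term": { "event.code": "1" } },
      { "wildcard": { "winlog.event_data.Image": "*\\\\powershell.exe" } },
      { "wildcard": { "winlog.event_data.ParentImage": "*\\\\WINWORD.EXE" } }
    ] } } }
  } }],
  "triggers": [{
    "name": "Office spawned PowerShell",
    "severity": "2",
    "condition": { "script": {
      "source": "ctx.results[0].hits.total.value > 0", "lang": "painless" } },
    "actions": [{
      "name": "notify-soc",
      "destination_id": "REPLACE_WITH_DESTINATION_ID",
      "subject_template": { "source": "[{{ctx.monitor.name}}] fired", "lang": "mustache" },
      "message_template": { "source": "{{ctx.results.0.hits.total.value}} matching Sysmon event(s) in the last 5 minutes; review winlogbeat-* with the same filter.", "lang": "mustache" },
      "throttle_enabled": false
    }]
  }]
}
EOF
}

# Create the monitor (-k because the demo certificate is self-signed).
create_monitor() {
  monitor_body | curl -sk -u admin:admin -H 'Content-Type: application/json' \
    -X POST 'https://localhost:9200/_opendistro/_alerting/monitors' -d @-
}
```

Run `create_monitor` once the destination id is filled in; the monitor's alerts then appear in the Alerting UI, and the technique id in the name carries the ATT&CK mapping the way a Detections rule would.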