Kustodian has spoken with a variety of its customer in a series of collaborated workshops on the problems with existing commercial SIEM solutions as well as Open source options. The biggest complaint about commercial SIEM’s was the ongoing licence fees, high costs and sizing limitations. The complaints for open source was it required thousands of development hours, documentation integrations that it wasn’t turnkey. Security professionals needed a working product not a framework and support options were just as expensive as the commercial products.
Kustodian has chosen Elastic’s ELK for the SIEM’s base. ELK by itself does not provide a SIEM but is a perfect base to build a SIEM using fantastic frameworks out there. These include OSINT from CriticalStack/SIEMonster, OSSEC Wazuh fork, 411 Alerting & Data Correlation UI, community rule sets and dashboards, community and open source free plugins that make the SIEM.
Based on these workshops Kustodian have built and open source SIEM solution to meet companies Informational Assurance visions without the development or ongoing cost but support options are available to clients to need assistance or custom dashboards. SIEMonster can exist both in the cloud such as AWS or in the clients existing Data Center. Some of our clients were restricted in housing data offshore, so we catered for both. SIEMonster has the following benefits.
- Fully Open Source SIEM
- No License restrictions such as node or data limitations
- Open Community for additional features
- Completely free unless you require Enterprise Support (custom dashes etc)
- On premise hosted Security Analytics and SIEM Open SOC or Cloud Hosted
- Instant Incident Alerting via email or SMS or Console view via a secure portal and integration with “Slack”/”Hipchat” using 411 Streams.
- Provide continuous Cyber Security monitoring identify, mitigate & respond to internal and external risks in real time
- Full ISMS suite of documentation including Detailed Designs, Build Guides, Maintenance and Standard Operating Procedures etc.
- Full integration with OSSEC Wazuh fork for Host Intrusion Detection and PCIDSS ruleset incorporated into Elastic
- Threat Intelligence using open source OSINT Critical stack and Intelligence feeds
- Incorporate your existing Vulnerability Scans into the Dashboard, (OpenVas,McAfee, Nessus etc.)
- Open Source Incident Response. Alerts maybe escalated as tickets to other operators or a whiteboard to show night shift analysts current issues.