There is no all-in-one open source SIEM, so this is not a list of open source SIEMs. The existing open source options either lack core SIEM capabilities, such as event correlation and reporting, or only work when combined with other tools. If you nevertheless decide to take on the substantial project of assembling your own SIEM from open source components, these are the components we recommend building it from.
1. OpenSearch
OpenSearch is an open source project launched in 2021 as a fork of Elasticsearch and Kibana, with development led by Amazon Web Services. It consists of a search and analytics engine (also named OpenSearch), which serves as the SIEM's event store, and a frontend for visualization and analytics called OpenSearch Dashboards.