Siembol provides a scalable security analytics framework built on open-source big data technologies. Siembol normalizes, enriches, and alerts on data from various sources, which allows security teams to respond to attacks before they become incidents.
Siembol uses a highly scalable streaming architecture to enable cost-effective, sophisticated, real-time analytics on security data.
Siembol threat discovery uses rule-based alerting, and alerts raised by multiple rules can be consolidated by correlation rules into more powerful correlation detections.
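As an added illustration of the rule-based alerting and correlation described above (example code written for this page, not Siembol's own code, and not using Siembol's rule format or runtime): a minimal alerting stage, in which each rule is a set of field regexes that must all match an event, feeds a correlation stage that consolidates alerts from several rules for the same key inside a sliding time window. The event fields, the rule names, and the "three failed logins followed by a success for the same user within five minutes" correlation are assumptions chosen for the example; the sample events are constructed.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Rule:
    """Single alerting rule: fires when every field regex matches the event."""
    name: str
    matchers: dict  # field name -> regex that must be found in that field's value


@dataclass
class CorrelationRule:
    """Fires when the required alert counts are seen for one key within the window."""
    name: str
    key_field: str       # event field that ties alerts together, e.g. "user"
    window_seconds: int  # sliding window measured back from the newest alert
    required: dict       # alerting rule name -> minimum number of alerts in the window


def evaluate_rules(event, rules):
    """Run every alerting rule over one normalized event; return the alerts raised."""
    alerts = []
    for rule in rules:
        if all(re.search(pattern, str(event.get(field_name, "")))
               for field_name, pattern in rule.matchers.items()):
            alerts.append({"rule": rule.name, "timestamp": event["timestamp"], "event": event})
    return alerts


def correlate(alerts, crule):
    """Consolidate per-rule alerts into correlation detections (sliding window per key)."""
    buffers = defaultdict(list)  # key value -> alerts still inside the window
    detections = []
    for alert in sorted(alerts, key=lambda a: a["timestamp"]):
        if alert["rule"] not in crule.required:
            continue  # this correlation rule does not use that alert type
        key = alert["event"].get(crule.key_field)
        if key is None:
            continue  # cannot correlate an event that lacks the key field
        buf = buffers[key]
        buf.append(alert)
        cutoff = alert["timestamp"] - crule.window_seconds
        buf[:] = [a for a in buf if a["timestamp"] >= cutoff]  # drop expired alerts
        counts = {}
        for a in buf:
            counts[a["rule"]] = counts.get(a["rule"], 0) + 1
        if all(counts.get(r, 0) >= n for r, n in crule.required.items()):
            detections.append({"correlation_rule": crule.name, "key": key,
                               "timestamp": alert["timestamp"], "counts": counts})
            buf.clear()  # one detection per burst; the next alert starts a fresh window
    return detections


# Constructed sample events (assumed already normalized); timestamps are seconds.
SAMPLE_EVENTS = [
    {"timestamp": 100, "host": "web01", "user": "alice", "action": "login", "outcome": "failure"},
    {"timestamp": 130, "host": "web01", "user": "alice", "action": "login", "outcome": "failure"},
    {"timestamp": 160, "host": "web01", "user": "alice", "action": "login", "outcome": "failure"},
    {"timestamp": 200, "host": "web01", "user": "alice", "action": "login", "outcome": "success"},
    {"timestamp": 210, "host": "web02", "user": "bob", "action": "login", "outcome": "failure"},
    {"timestamp": 220, "host": "web02", "user": "bob", "action": "login", "outcome": "success"},
    {"timestamp": 250, "host": "web02", "user": "alice", "action": "file_read", "outcome": "success"},
    {"timestamp": 900, "host": "web03", "user": "carol", "action": "login", "outcome": "failure"},
    {"timestamp": 2000, "host": "web01", "user": "alice", "action": "login", "outcome": "failure"},
]

# Hypothetical alerting rules: field regexes that must all match.
RULES = [
    Rule("failed_login", {"action": r"^login$", "outcome": r"^failure$"}),
    Rule("successful_login", {"action": r"^login$", "outcome": r"^success$"}),
]

# Hypothetical correlation rule: three failed logins then a success, same user, within 5 minutes.
BRUTE_FORCE_THEN_SUCCESS = CorrelationRule(
    name="brute_force_then_success", key_field="user", window_seconds=300,
    required={"failed_login": 3, "successful_login": 1})


def run_pipeline(events=SAMPLE_EVENTS, rules=RULES, crule=BRUTE_FORCE_THEN_SUCCESS):
    """Alerting stage followed by the correlation stage; returns (alerts, detections)."""
    alerts = [a for e in events for a in evaluate_rules(e, rules)]
    return alerts, correlate(alerts, crule)


if __name__ == "__main__":
    alerts, detections = run_pipeline()
    print(f"{len(alerts)} rule alerts, {len(detections)} correlation detections")
    for d in detections:
        print(d)
```

On the constructed events, the alerting stage raises eight alerts (every login event matches exactly one rule; the `file_read` event matches none), but only alice's burst satisfies the correlation rule, so a single correlation detection is produced at timestamp 200. bob's single failure and carol's lone failure never reach the required counts, and alice's later failure at 2000 falls outside the 300-second window and starts a new, empty window.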
Flexible incident response workflows can be built and triggered in real time through the highly modular and pluggable framework.
Siembol supports deployment on an external Hadoop cluster, and the prepared Docker images and Helm charts make installation straightforward.