OpenSOC - Open Security Operations Center
Security monitoring systems are important for detecting and analyzing security risks and incidents as they are happening. OpenSOC is an open source framework that integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. OpenSOC provides capabilities for log aggregation, full packet capture indexing, storage, advanced behavioral analytics and data enrichment, while applying the most current threat intelligence information to security telemetry within a single platform.
OpenSOC can be divided into 4 areas:
- A mechanism to capture, store, and normalize any type of security telemetry at extremely high rates.
- Real time processing and application of enrichments such as threat intelligence, geolocation, and DNS information to telemetry being collected.
- Efficient information storage, organized according to how the information will be used.
- An interface that gives a security investigator a centralized view of data and alerts passed through the system.
The OpenSOC framework integrates a number of elements from the Hadoop ecosystem to provide a scalable platform for security analytics, incorporating such functionality as full-packet capture, stream processing, batch processing, real-time search, and telemetry aggregation.
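The second area above (real-time enrichment of collected telemetry with threat intelligence, geolocation and DNS context) is the part most worth seeing concretely. The following is an added, single-process sketch of that parse-then-enrich-then-flag flow; it is not OpenSOC's own code (OpenSOC runs these stages as Storm topologies over Kafka), and the firewall lines, indicator list, GeoIP table and DNS table are all constructed placeholders:

```python
import ipaddress
import json

# Constructed sample telemetry: key=value firewall lines as a sensor might emit them.
RAW_EVENTS = [
    "2015-03-01T10:00:00Z fw01 src=10.0.0.5 dst=203.0.113.10 dport=443 action=allow",
    "2015-03-01T10:00:01Z fw01 src=10.0.0.7 dst=198.51.100.23 dport=22 action=allow",
]

# Constructed enrichment sources standing in for the threat-intel, GeoIP and DNS stores
# an OpenSOC enrichment bolt would query. The indicator and names are placeholders.
THREAT_INTEL = {"198.51.100.23": "placeholder-indicator-feed"}
GEO = {"203.0.113.0/24": "XX", "198.51.100.0/24": "YY"}
DNS = {"203.0.113.10": "cdn.example.com", "198.51.100.23": "bad.example.net"}


def normalize(line):
    """Parser stage: turn one raw line into a flat, consistently keyed record."""
    ts, sensor, *pairs = line.split()
    event = {"timestamp": ts, "sensor": sensor}
    for pair in pairs:
        key, value = pair.split("=", 1)
        event[key] = value
    return event


def enrich(event):
    """Enrichment stage: attach geo, DNS and threat-intel context for the destination."""
    dst = ipaddress.ip_address(event["dst"])
    event["dst_geo"] = next(
        (cc for net, cc in GEO.items() if dst in ipaddress.ip_network(net)), None
    )
    event["dst_host"] = DNS.get(event["dst"])
    event["threat_intel"] = THREAT_INTEL.get(event["dst"])
    # A threat-intel hit is what promotes a plain connection record to an alert.
    event["alert"] = event["threat_intel"] is not None
    return event


def process(lines):
    """Run every raw line through both stages, preserving order."""
    return [enrich(normalize(line)) for line in lines]


def alerts(lines):
    """Only the enriched records that matched an indicator."""
    return [event for event in process(lines) if event["alert"]]


if __name__ == "__main__":
    for event in process(RAW_EVENTS):
        print(json.dumps(event))
```

Every record, alerting or not, keeps its enrichment fields, which is what lets the investigator interface described in the fourth area show context for benign traffic as well as for alerts.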
You can read more about OpenSOC at https://github.com/OpenSOC/opensoc