DEF CON Forum Site Header Art
DEF CON Forum Site Header Art


No announcement yet.

Siembol Demolab at DEF CON 29

  • Filter
  • Time
  • Show
Clear All
new posts

  • Siembol Demolab at DEF CON 29

    Tool or Project Name: Siembol

    Short Abstract:
    Siembol is Anti-Malware for the Cloud: an open-source real-time SIEM (Security Information & Event Management) tool based on big data technologies.

    Short Developer Bio:
    Marian Novotny received his PhD in Computer Science from the Faculty of Sciences at Pavol Jozef Safarik University in Kosice, Slovakia. In his PhD thesis he focused on the design and analysis of security protocols. He is currently working as a software engineer at G-Research, where he is responsible for the design, analysis and implementation of security data processing applications used for security monitoring and intrusion detection. In the past he worked as a specialized software engineer at ESET, where he designed and implemented network intrusion detection systems which were integrated into various ESET products.

    URL to any additional information:

    Detailed Explanation of Tool:
    Siembol is an in-house developed security data processing application, forming the core of an internal Security Data Platform.
    Following the experience of using Splunk, and as early adopters of Apache Metron, the team needed a highly efficient, real-time event processing engine with fewer limitations and more enhanced features. With Metron now retired, Siembol hopes to give the community an evolved alternative.
    Siembol improvements over Metron:
    • Components for real-time alert escalation: CSIRT teams can easily create a rule-based alert from a single data source, or they can create advanced correlation rules that combine various data sources. Pending: tool for translating a Sigma rule specification into siembol
    • Ability to integrate with other systems using dedicated components and plugin architecture for easy integration with incident response tools
    • Advanced parsing framework for building fault tolerant parsers
    • Enhanced enrichment component allowing for defining rules and joining enrichment tables
    • Configurations and rules are defined by a modern Angular web application, with a git-based approval process
    • Supports OAUTH2/OIDC for authentication and authorization in the siembol UI
    • Easy installation for use with prepared docker images and helm charts
    Siembol Use Cases:
    • SIEM log collection using open-source technologies
    • Detection tool for discovery of leaks and attacks on infrastructure

    Supporting Files, Code, etc:

    Target Audience:

    Siembol is trying to provide SIEM functionality using open-source technologies, and is enthusiastic about building community around the project. We believe that this approach can help build a better open-source anti-malware cloud product.
    PGP Key: