elleLog, Thoughts on SIEM

elleLog is an experimental POC SIEM designed to explore interesting aspects of SIEM design. elleLog is designed to be multi-threaded, scalable.

It features a innovative plugin design, ElasticSearch back-end and built in Syslog server, as well as OSSIM Sensor support.

Event Taxonomy discusses how the event taxonomy works.

Plugin Functions breaks down the functions which can be used within plugins.

Tags discusses the current standard set of tags which can be used within elleLog.

OSSIM shows how to setup OSSIMs agent to send events to elleLog.