D7 · Tools

What is an open-source SIEM?

An open-source SIEM is a security information and event management platform built from freely licensed components. Options include Elastic Security (Elasticsearch + Kibana), Wazuh (OSSEC-based), Graylog, and OpenSearch Security; they provide SIEM capabilities (log collection, correlation, alerting, search) without commercial licensing costs.
The Elastic Stack (ELK) is widely deployed. Wazuh extends OSSEC with EDR and vulnerability-management features. OpenSearch is AWS's fork of Elasticsearch. The cost is storage and infrastructure rather than licensing, and these platforms require more in-house expertise to deploy, tune, and operate than commercial SIEMs.