FAQ
Yes. While we test it primarily with Hortonworks distributions, OpenSOC is built entirely from open-source components and should work on Cloudera, MapR, Pivotal, and other custom Hadoop distributions. Our test team concentrates on testing and supporting OpenSOC on Hortonworks, so it is highly recommended to run OpenSOC on HDP. If you do decide to deploy OpenSOC on another platform, please let us know if you see any issues and we will be happy to address them.
Not at all. OpenSOC will run on any environment that can support Flume, Kafka, Storm, Elasticsearch, and Hadoop. While Cisco UCS servers are highly recommended, as those are the servers we test OpenSOC on, they are by no means a requirement.
That depends on your use case and what you use your SIEM tool for. OpenSOC is designed to be much more than just a SIEM tool, but it does provide a SIEM-like component that may be suitable to replace your SIEM tool on a case-by-case basis.
Cisco has a support team that should be able to assist with the basics to get you up and going with OpenSOC. See the [Communicating with the OpenSOC Team](Communicating with the OpenSOC Team) page for support information.
Yes, if you write your own adapter. OpenSOC is extensible, and our indexing bolt can be extended with a Solr adapter instead of using the Elasticsearch adapters provided by the OpenSOC team. The Solr adapter is currently on our road map. If you are interested in accelerating the development of the Solr adapter and would be willing to contribute it to the OpenSOC baseline, please let us know.
No. Each enrichment bolt is extensible and pluggable and can be backed by a variety of data stores. We provided what we felt were the most appropriate data stores for each individual enrichment. If there is interest in the community in supporting additional data stores, please contact one of the committers.