Home > Markets > Cybersecurity Solutions > SIEMonster > SIEMonster Features

What is SIEMonster | SIEMonster Features | SIEMonster Options | Download SIEMonster | SageNet Cybersecurity

SIEMonster Features


SIEMonster is a free, open-source, unlimited-use solution with all the dashboards, plugins, incident response tools including ticketing systems to make a functioning SIEM and Security Operation Center (SOC). SIEMonster is a commercial-grade enterprise SIEM with dashboard development and a suite of documentation (Standard Operating Procedures, Detailed Designs, DR fail over, Backups, installation guides, etc.).


The solution is completely free and has security researchers and analysts involved in the community support for further development. The solution is yours, with no licensing limitation. Open source key players were selected deliberately. The solution had to be completely scalable, open source and completely free without exception. Of course we could have chosen Shield or Marvel from Elastic, but that would incur license costs and limitation for node sizing. So we built our solution. Using SIEMonster you can use it for free and as many nodes/clusters as you need. Just download and get started.


Documented – Unlike most products, this solution and build is completely documented.  You have a choice, you can install SIEMonster from scratch on a Linux box, or you can use the images provided. Either way we have included build guides, maintenance guides, a full ISMS suite of documentation including High Level Designs, Detailed Designs, Build Guides, Maintenance and SOP (Standard Operating Procedures) and DIY dashboard and search guides.

< Download SIEMonster for Free >

Visual Security Risks

Visual Security Risks – Dashboards to alert Security analysts of risks in the network. The Security Dashboards can alert your Security Operators to Active Directory Activity, Virus outbreaks, attempted website hacks or failed logon attempts … all displayed in a customizable dashboard.

Vulnerability Scanning

If your company uses Nessus or McAfee or any other scanners these can also be configured into a viewable dashboard. Why look at 100 of pages of vulnerabilities when you can see them on an interactive map of Critical or High Risk issues only. If your company currently does not currently scan you can download and use free OpenVas can be used to find vulnerabilities with risks populated in the Dashboard. The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs), All OpenVAS products are Free Software. OpenVAS is used to determine risks in a company’s network.

Incident Ticketing System

Record incident response information for a 24/7 shift roster change. FIR is a tracking system used for Incident Response, help desk ticketing, customer service, workflow processes, change management, network operations. FIR has been included into SIEMonster to record, report, and escalate Incident Responses to other security analysts for example Level 1 support to Level 2 support. Also allows for stock answers, FAQ’s and best practice article storage.

< Learn more about SageNet Cybersecurity Solutions >


Alerts can go to the Dashboard or to an email or SMS when you’re not in front of a computer. SLACK integration enable alerts to go to your private SLACK channel for all Security staff. Email and SMS alerting is also included. This is great for when you outsource your security monitoring to a 3rd party but want to remain in the loop.

Scalable SIEM

The SIEM is completely scalable. We recommend a dual cluster front and back end system to easily support any enterprise need, However if you need to grow, clusters can be scaled out to 4/8 nodes built with Apache Hadoop AWS Scaling in mind but unlimited growth.

Support Options for Enterprise

Need support? SageNet will help you with your SIEM configuration, dashboards and updates. We realize that organizations need different levels of support for their SIEM, some are more than happy to use the community forums, others need custom modules written and Enterprise clients need 2nd and 3rd level product support and customized development. Choose the model that suits your organization.

< Download Our Cloud Security Whitepaper >

Available on Amazon AWS

Use the preconfigured Amazon AWS AMI instances and roll out immediately. A lot of clients are now using Amazon AWS services, because of this we have setup instant AMI images of SIEMonster to get you using a SIEM in your organization. We have also included archival scripts using Amazon S3 for when you want to archive and backup data as well as Amazon Glacier long term archival and backup scripts.

Built on Elastic/Apache Hadoop

The most common open-source log analytics trusted by Netflix, Facebook, LinkedIn, Cisco and Microsoft.

Threat Intelligence

SIEMonster provides OSINT (Open-Source Intelligence) threat intelligence gathering from the Dark Web, Palo Alto Networks MimeMeld and support for Tardis, Bro and SNORT. OSINT data is sent to the SIEM and is used by security analysts for event context attack prediction, prevention and detective controls with real time visualization and alerting.

< Download SIEMonster for Free >

What is SIEMonster | SIEMonster Features | SIEMonster Options | Download SIEMonster | SageNet Cybersecurity