Cisco Releases OpenSOC Security Analytics Framework as Open Source

OpenSOC Big Data Security Analytics Framework Consumes and Monitors Network Traffic and Machine Exhaust Data of a Data Center

In an effort to help organizations create an incident investigation tool that meets their specific requirements, Cisco announced on Monday the availability of the company’s OpenSOC big data security analytics framework as an open source solution.

Recent data breaches have left many organizations with compromised customer details and intellectual property. Investigating such breaches is time-consuming when traditional techniques are used; Cisco says the OpenSOC framework speeds up the process by giving breach victims the tools and information they need in a single platform.

“The OpenSOC framework helps organizations make big data part of their technical security strategy by providing a platform for the application of anomaly detection and incident forensics to the data loss problem,” Cisco’s Pablo Salazar wrote in a blog post.

“By integrating numerous elements of the Hadoop ecosystem such as Storm, Kafka, and Elasticsearch, OpenSOC provides a scalable platform incorporating capabilities such as full-packet capture indexing, storage, data enrichment, stream processing, batch processing, real-time search, and telemetry aggregation. It also provides a centralized platform to effectively enable security analysts to rapidly detect and respond to advanced security threats,” Salazar added.


According to Cisco, OpenSOC provides three key elements for security analytics. First, it captures, stores and normalizes security telemetry at high rates, giving organizations the visibility and information required to investigate and remediate an incident.


Second, the framework processes and applies contextual information such as geolocation, DNS data, and threat intelligence in real time, providing the context and situational awareness that, according to Cisco, are critical for a detailed and timely investigation.

Third, OpenSOC’s interface provides alert summaries, advanced search capabilities, and full packet-extraction tools, the company said.
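The three elements above (normalize telemetry, enrich it in real time, surface alerts) are the stages of a single stream-processing pipeline. The following is an added illustration of those stages in one process; it is not OpenSOC code (OpenSOC is a Java/Storm project) and does not use its APIs. The log lines, prefix-to-geolocation table, reverse-DNS cache and threat-intelligence indicators are all constructed sample data, and the function names (`normalize`, `enrich`, `to_alert`, `process`) are assumptions for this example.

```python
"""Added illustration of a normalize -> enrich -> alert stream stage.
Not OpenSOC code; every table and log line below is constructed sample data."""
import ipaddress
import json
import re

# Constructed sample telemetry in two source formats a collector might emit.
RAW_EVENTS = [
    # syslog-style firewall connection record (constructed)
    "2014-11-24T10:15:03Z fw01 CONN src=10.0.4.17 dst=203.0.113.9 dport=443 proto=tcp bytes=48211",
    # JSON DNS sensor record (constructed)
    '{"ts":"2014-11-24T10:15:04Z","sensor":"dns01","client":"10.0.4.17",'
    '"query":"update.example.net","answer":"198.51.100.77"}',
]

# Constructed enrichment sources. A real deployment would load these from a
# geolocation database, passive DNS, and vendor or community intel feeds.
GEO_BY_PREFIX = {"203.0.113.0/24": "Example-Net A", "198.51.100.0/24": "Example-Net B"}
RDNS = {"203.0.113.9": "cdn-edge-9.example.com"}
THREAT_INTEL = {
    "ip": {"198.51.100.77": {"source": "feed-x", "tag": "c2-ip"}},
    "domain": {"update.example.net": {"source": "feed-y", "tag": "malware-dist"}},
}

FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) CONN src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+) bytes=(?P<bytes>\d+)$"
)


def normalize(raw: str) -> dict:
    """Map a raw record onto one common schema so later stages see one shape."""
    if raw.startswith("{"):
        rec = json.loads(raw)
        return {"ts": rec["ts"], "sensor": rec["sensor"], "type": "dns",
                "src_ip": rec["client"], "dst_ip": rec["answer"],
                "domain": rec["query"]}
    m = FW_RE.match(raw)
    if not m:
        raise ValueError(f"unrecognized telemetry: {raw!r}")
    return {"ts": m["ts"], "sensor": m["host"], "type": "flow",
            "src_ip": m["src"], "dst_ip": m["dst"], "dst_port": int(m["dport"]),
            "proto": m["proto"], "bytes": int(m["bytes"])}


def geolocate(ip: str):
    """Longest-prefix-style lookup against the constructed geo table."""
    addr = ipaddress.ip_address(ip)
    for prefix, label in GEO_BY_PREFIX.items():
        if addr in ipaddress.ip_network(prefix):
            return label
    return None


def enrich(event: dict) -> dict:
    """Attach geolocation, reverse DNS and threat-intel matches to an event."""
    out = dict(event)
    out["dst_geo"] = geolocate(event["dst_ip"])
    out["dst_rdns"] = RDNS.get(event["dst_ip"])
    hits = []
    if event["dst_ip"] in THREAT_INTEL["ip"]:
        hits.append({"indicator": event["dst_ip"], **THREAT_INTEL["ip"][event["dst_ip"]]})
    dom = event.get("domain")
    if dom and dom in THREAT_INTEL["domain"]:
        hits.append({"indicator": dom, **THREAT_INTEL["domain"][dom]})
    out["ti_hits"] = hits
    return out


def to_alert(event: dict):
    """Produce an alert summary only for events that matched an indicator."""
    if not event["ti_hits"]:
        return None
    summary = ", ".join(
        f"{h['tag']} ({h['indicator']} via {h['source']})" for h in event["ti_hits"]
    )
    return {"ts": event["ts"], "src_ip": event["src_ip"],
            "summary": summary, "event": event}


def process(raw_events):
    """Run the pipeline over a batch; returns (enriched events, alerts)."""
    enriched = [enrich(normalize(r)) for r in raw_events]
    alerts = [a for a in (to_alert(e) for e in enriched) if a]
    return enriched, alerts


if __name__ == "__main__":
    _, found = process(RAW_EVENTS)
    for alert in found:
        print(json.dumps(alert, indent=2))
```

Run stand-alone, the script prints one alert: the firewall flow to 203.0.113.9 is enriched with a geolocation and reverse-DNS name but matches no indicator, while the DNS record matches both a domain indicator and a resolved-IP indicator and is promoted to an alert carrying the full enriched event. Keeping the enriched event inside the alert is what lets an analyst pivot straight from the summary into the raw telemetry, the workflow the interface description above is pointing at.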

“The framework is highly extensible: any organization can customize their incident investigation process. It can be tailored to ingest and view any type of telemetry, whether it is for specialized medical equipment or custom-built point of sale devices. By leveraging Hadoop, OpenSOC also has the foundational building blocks to horizontally scale the amount of data it collects, stores, and analyzes based on the needs of the network,” explained Salazar.

By releasing OpenSOC as an open source solution, Cisco hopes the framework will continue to evolve, allowing organizations to improve their ability to handle incident response.

OpenSOC is not the first tool released by Cisco as an open source solution. In September 2013, the company announced the availability of Kvasir, a tool that allows penetration testers to use and share vulnerability data from multiple sources, including vulnerability scanners and exploitation frameworks. The company also runs 

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
