Hello there, I am trying to build a SIEM using open source tools.
I am using ELK, Suricata for IDS, MySQL as the DB, Nginx as the web server and Open Distro for alerting, and I am still developing the architecture.
I would appreciate your help. What should I add? What is best for threat detection and intelligence, and for network monitoring, and is there an open source UEBA?
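Added example (my own code, not from the original post or from any of the projects named in it): a small Python stage that shows how Suricata's EVE JSON output fits into the ELK + alerting part of this stack. It parses `alert` events out of `eve.json` lines, reshapes them into the NDJSON body the Elasticsearch bulk API expects, and runs a count-based threshold over them as a stand-in for what an alerting monitor would evaluate against the index. The index name `suricata-alerts`, the threshold values and the log lines themselves are constructed for illustration.

```python
"""Suricata EVE JSON -> Elasticsearch bulk NDJSON + a threshold detection."""
import json
from collections import Counter

# Constructed Suricata EVE JSON lines (not a real capture). Line 2 is a flow
# event rather than an alert, and the last line is deliberately truncated.
# SIDs are in the 1000000+ range Suricata reserves for local rules; the
# signature names are made up for this example.
SAMPLE_EVE = """
{"timestamp":"2024-01-15T10:00:00.000000+0000","flow_id":1,"event_type":"alert","src_ip":"10.0.0.5","src_port":51000,"dest_ip":"10.0.0.20","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000001,"rev":1,"signature":"LOCAL constructed SSH brute force","category":"Attempted Administrator Privilege Gain","severity":2}}
{"timestamp":"2024-01-15T10:00:01.000000+0000","flow_id":2,"event_type":"flow","src_ip":"10.0.0.9","dest_ip":"10.0.0.20","proto":"UDP"}
{"timestamp":"2024-01-15T10:00:02.000000+0000","flow_id":3,"event_type":"alert","src_ip":"10.0.0.5","src_port":51001,"dest_ip":"10.0.0.20","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000001,"rev":1,"signature":"LOCAL constructed SSH brute force","category":"Attempted Administrator Privilege Gain","severity":2}}
{"timestamp":"2024-01-15T10:00:03.000000+0000","flow_id":4,"event_type":"alert","src_ip":"10.0.0.7","src_port":40000,"dest_ip":"10.0.0.30","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000002,"rev":1,"signature":"LOCAL constructed policy violation","category":"Not Suspicious Traffic","severity":3}}
{"timestamp":"2024-01-15T10:00:04.000000+0000","flow_id":5,"event_type":"alert","src_ip":"10.0.0.8",
"""


def parse_eve(text):
    """Return the alert events from EVE JSON text, one JSON object per line.

    Non-alert event types (flow, dns, http, ...) are skipped, as are lines
    that fail to parse; a partially written line at the end of a live file
    is a normal condition and must not abort the whole batch.
    """
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if event.get("event_type") == "alert" and "alert" in event:
            alerts.append(event)
    return alerts


def to_bulk_actions(alerts, index="suricata-alerts"):
    """Build the NDJSON body for the Elasticsearch _bulk API.

    Each document is preceded by an action line; the body ends with a
    newline, which the bulk endpoint requires. Only the fields a detection
    analyst actually pivots on are kept; the index name is an assumption.
    """
    lines = []
    for ev in alerts:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps({
            "@timestamp": ev["timestamp"],
            "src_ip": ev.get("src_ip"),
            "dest_ip": ev.get("dest_ip"),
            "dest_port": ev.get("dest_port"),
            "proto": ev.get("proto"),
            "signature_id": ev["alert"].get("signature_id"),
            "signature": ev["alert"].get("signature"),
            "category": ev["alert"].get("category"),
            "severity": ev["alert"].get("severity"),
        }))
    return "\n".join(lines) + "\n"


def count_by_source_and_signature(alerts):
    """Count alerts per (source IP, signature id) pair."""
    counts = Counter()
    for ev in alerts:
        counts[(ev.get("src_ip"), ev["alert"].get("signature_id"))] += 1
    return counts


def threshold_alerts(alerts, max_severity=2, min_hits=2):
    """Stand-in for an alerting monitor run over the index.

    Fires once per (src_ip, signature) pair that reaches min_hits alerts at
    severity max_severity or better. Suricata severity 1 is the most severe,
    so the comparison is "<=". Both thresholds are illustrative.
    """
    severe = [ev for ev in alerts
              if ev["alert"].get("severity", 3) <= max_severity]
    fired = []
    for (src_ip, sid), hits in sorted(count_by_source_and_signature(severe).items()):
        if hits >= min_hits:
            fired.append({"src_ip": src_ip, "signature_id": sid, "hits": hits})
    return fired


if __name__ == "__main__":
    parsed = parse_eve(SAMPLE_EVE)
    print(to_bulk_actions(parsed), end="")
    for hit in threshold_alerts(parsed):
        print("ALERT", hit)
```

The same shape carries over to a real deployment: Suricata writes `eve.json`, a shipper (Filebeat or Logstash) does the role of `parse_eve` and `to_bulk_actions`, and the monitor in the alerting plugin replaces `threshold_alerts` with a query and trigger over the index.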