Microsoft recently held the Azure Sentinel Hackathon, inviting users to build solutions for its Security Information and Event Management (SIEM) platform. Opsbrew won the hackathon with its log pipeline management tool, which gathers log data from disparate sources and routes it to SIEM solutions such as Azure Sentinel. Opsbrew is a “sophisticated solution for enterprises and service providers,” said John Lambert, Microsoft distinguished engineer and general manager of the Microsoft Threat Intelligence Center.
Open Source Log Aggregation Tools
There are many tools that provide log ingestion and routing today; in fact, the best-known ones are open source. Fluentd and Logstash come to mind immediately as log aggregators for a cloud native stack. They make great DIY logging solutions and are quite powerful, but they are hard to manage at scale and resource-intensive. Simpler, more lightweight alternatives such as Fluent Bit and Filebeat help to an extent, but at the cost of full functionality.
The modern cloud native stack generates an ever-increasing volume of logs as the number of active cloud locations grows. This creates silos, as different teams and environments each have their own SIEM solution. For example, an organization may use Splunk for its on-premises SIEM needs and Elasticsearch for cloud SIEM, and in doing so sacrifice a unified view of its log data.
Some organizations may find a proliferation of SIEM or log analysis tools being used internally by multiple teams, which drives up cloud costs over time. The result is information overload where teams find log data overwhelming rather than helpful. Opsbrew aims to unify log management across the multicloud and across diverse SIEM tools.
Opsbrew’s Take on Log Management
Opsbrew offers log pipelines as a service. As the number of cloud platforms used by an organization increases, so does the logging infrastructure required to monitor and manage them. Log data needs to be collected from every source, sanitized, and then analyzed with log analysis tools. Opsbrew fills this gap by shipping logs from any source to any destination, placing a log collector agent in every environment, whether on-premises or in the cloud.
Opsbrew features a visual pipeline that brings a level of ease and elegance not typical of log management tools. It can also transform log data with filters, so that unnecessary data is discarded and only useful log data is sent to destination tools.
It also masks confidential information such as passwords and security tokens, and it supports encryption in transit. Another notable feature is Opsbrew’s alerts. These are not alerts derived from the content of log data, but endpoint alerts triggered when logs stop arriving, when log volumes suddenly spike, or on similar anomalies. This brings better situational awareness to security operations.
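As an added illustration of the two controls just described (example code, not Opsbrew’s; the masking patterns, window layout and spike threshold are assumptions), here is a minimal pipeline-health check that masks credential values before a line is forwarded and flags sources that have gone silent or spiked against their recent baseline:

```python
"""Minimal log-pipeline health checks: secret masking plus silence/spike alerts.
Added example, not Opsbrew's code; patterns and thresholds are illustrative assumptions."""
import re
import statistics

# Assumed list of key names whose values are masked before forwarding.
SECRET_RE = re.compile(r"(?i)\b(password|passwd|token|api_key|secret)(\s*[=:]\s*)(\S+)")
BEARER_RE = re.compile(r"(?i)\b(Bearer\s+)[A-Za-z0-9._~+/-]+=*")


def mask_secrets(line: str) -> str:
    """Replace credential values with a fixed placeholder, keeping the key name."""
    line = SECRET_RE.sub(lambda m: f"{m.group(1)}{m.group(2)}***", line)
    return BEARER_RE.sub(r"\1***", line)


def pipeline_alerts(counts: dict, spike_factor: float = 3.0) -> dict:
    """Flag sources whose newest window is silent or spiking.

    counts maps a source name to per-window event counts, oldest first.
    The baseline is the mean of every window except the newest one.
    """
    alerts = {}
    for source, windows in counts.items():
        if len(windows) < 2:
            continue  # not enough history to judge this source
        *history, latest = windows
        baseline = statistics.mean(history)
        if latest == 0 and baseline > 0:
            alerts[source] = "silent"  # logs were expected but none arrived
        elif baseline > 0 and latest > spike_factor * baseline:
            alerts[source] = "spike"   # volume well above the recent baseline
    return alerts


# Constructed sample data: per-source event counts over six 5-minute windows.
SAMPLE_COUNTS = {
    "onprem-firewall": [120, 118, 125, 122, 119, 0],    # collector stopped sending
    "cloud-waf": [40, 42, 39, 41, 40, 350],             # sudden surge
    "k8s-api": [300, 310, 295, 305, 300, 298],          # healthy
}

if __name__ == "__main__":
    print(mask_secrets("user=bob password=hunter2 Authorization: Bearer abc.def.ghi"))
    print(pipeline_alerts(SAMPLE_COUNTS))
```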
Following the hackathon win, Arun Mohan, co-creator of Opsbrew, has been invited to speak at this year’s virtual Microsoft Ignite conference. Opsbrew is looking to build on its initial success and enable unified, situationally aware logging for a multicloud world.
Disclosure: The author of this post has done some consulting work for Opsbrew.