philhagen/sof-elk

SOF-ELK integrate with opensearch

oodog0126 opened this issue · 1 comment

OpenSearch is a free version forked from Elasticsearch, and it can support SIEM "Sigma rules" for free (predefined security rules in Elastic Security and Graylog are charged). Is there a way to integrate SOF-ELK with OpenSearch by any chance? Thx! By the way, it's easy to translate other SIEM rules to Sigma rules by using ChatGPT.

This is certainly something I've considered, and have talked with some of the folks at OpenSearch about it as well. At this time, I can't allocate the time to support multiple backends. (Plus, our configurations have been ported to the latest Elastic stack components - aka the post-fork version - making it a challenge to back up and work with the OpenSearch equivalents.) It's not impossible - it just takes more attention than I can give it at this time.

That all said, this is something I'd like to explore more - probably after I figure out the forward path beyond CentOS.

I'll close this for now, just to keep the queue focused, as this will be a major feature change if/when it's implemented, so we'll have a project and related large-scale documentation for it at that time.