English | 简体中文
Elkeid HUB is a rule/event processing engine maintained by the Elkeid Team that supports streaming/offline (not yet supported by the community edition) data processing. The original intention is to solve complex data/event processing and external system linkage requirements through standardized rules.
INPUTdata input layer, community edition only supports Kafka.RULEENGINE/RULESETcore components for data detection/external data linkage/data processing.OUTPUTdata output layer, community edition only supports Kafka/ES.SMITH_DSLused to describe the data flow relationship.
- Simple HIDS
- IDS Like Scenarios
- Multiple input and output scenarios
- High Performance
- Very Few Dependencies
- Support Complex Data Processing
- Custom Plugin Support
- Support Stateful Logic Build
- Support External System/Data Linkage
- Use Elkeid HUB to process Elkeid HIDS/RASP/Sandbox/K8s auditing etc. raw data, TPS 120+ million/s. HUB scheduling instance 6000+
- 99% alarm produce time is less than 0.5s
- Internal Maintenance Rules 2000+
| Ability List | Elkeid Community Edition | Elkeid Enterprise Edition |
|---|---|---|
| Streaming data processing | ✅ | ✅ |
| Data input, output capability | ✅ | ✅ |
| Full frontend support | ✅ | ✅ |
| Monitoring capability | ✅ | ✅ |
| Plugin support | ✅ | ✅ |
| Debug support | ✅ | ✅ |
| Offline data processing | 🙅♂️ | ✅ |
| Data Persistence capability | 🙅♂️ | ✅ |
| Workspace | 🙅♂️ | ✅ |
| Cluster mode | 🙅♂️ | ✅ |
| Online upgrade strategy | 🙅♂️ | ✅ |
Overview
Edit Rule
Edit HUB Project
Edit HUB Python Plugin
Submission Rules
(Need to use with Elkeid)
