Components
The EventProcessor ecosystem is powered by a variety of plugins categorized by their role in the data processing pipeline.
These plugins are built into the core engine for fundamental tasks:
Collect or receive logs from external sources.
- http-input: Receives logs via HTTP endpoints.
- grpc-input: Receives logs via gRPC.
Extract and enrich data from raw events.
- Common Steps: add, cast, csv, delete, grok, json, kv, reformat, rename, trim.
- See the Filter Steps Reference for details.
Process logs to detect security attacks.
- analysis: The main engine for evaluating Rules.
- feeds: Proprietary Threat Intelligence engine that correlates events with ThreatWinds malicious indicators (IPs, Domains).
UTMStack extends the EventProcessor with specialized plugins for enterprise security. These plugins are Open Source (OSS) and we welcome community contributions.
| Category | Plugins | Purpose |
|---|---|---|
| Inputs | aws, azure, bitdefender, gcp, o365, sophos | Cloud and third-party security log ingestion. |
| Parsing | geolocation | Enriches events with geographic data based on IP. |
| Analysis | events | Specialized event analysis for UTMStack datasets. |
| Correlation | alerts, soc-ai | Detects relationships between alerts and AI-driven analysis. |
| Notification | stats | Sends statistics and notifications to internal/external systems. |
| Sidecar | config | Manages system configurations and health. |
The core engine and its fundamental parsing steps (json, grok, kv, etc.) are managed, proprietary components designed for high-performance and stability. While you cannot modify these directly, you can extend their logic using the [go-sdk] and the [Custom Plugin Development] patterns.
The go-sdk is the backbone of connectivity. Key components include:
- plugins/plugins.proto: Service definitions for gRPC.
- plugins/config.go: Shared configuration utilities.
- plugins/cel.go: Common Expression Language support for rule evaluation.