Home
feedoo is an ETL (Extract, Transform, Load) tool. Basically, it gets data from files or a database, processes it through pipelines and stores the result in a file or a database. It is very versatile, and processing bricks can be added painlessly.
The purpose of feedoo is generic:
- ETL to convert one database to another
- Alerting, like Elastalert
- Gathering information from agents like Fluentbit
- SIEM with correlation rules
- Intrusion detection using AI
- ...
feedoo is designed for the Security Operations Center (SOC). But if you need to play with data, you need feedoo as a friend :)
There are many reasons why I decided to build feedoo.
Firstly, I work with RethinkDB as my main database. It is amazingly easy to use, with enough performance for my needs. But its main drawback is the community tooling. In short, there are no connectors to work with, especially for Fluentd, Fluentbit or a clone of Elastalert.
That brings us to the second point! I really appreciate the Fluent family, especially Fluentbit, which is fully written in C. Nevertheless, a drawback arises when it comes to plugins or modifications. I worked with Fluentd for many years, and it can become painful when you need something that was not shipped with it.
So a sort of Python version of Fluent, with rules and easy extension, seems to me a good idea!
Sponsored by Spartan conseil