II.
StackProfile JSON
Structured · livestack-profile:siem-platform
SIEM Platform (Elasticsearch, Python, RabbitMQ, Redis, React, PostgreSQL) json
Inspect the normalized record payload exactly as the atlas UI reads it.
{
"id": "stack-profile:siem-platform",
"_kind": "StackProfile",
"_file": "domain/stack-profiles/deep-stacks-6.yaml",
"_cluster": "domain",
"attributes": {
"displayName": "SIEM Platform (Elasticsearch, Python, RabbitMQ, Redis, React, PostgreSQL)",
"description": "A security information and event management platform that aggregates,\ncorrelates, and analyzes security events from across the organization's\ninfrastructure. Elasticsearch ingests and indexes millions of security\nevents per day from network devices, servers, applications, and cloud\nservices with custom detection rule pipelines. Python services run\ncorrelation engines that match event patterns against MITRE ATT&CK\ntechniques and generate prioritized alerts. RabbitMQ buffers incoming\nevent streams for reliable processing during ingestion spikes.\nReact powers the analyst dashboard with timeline visualization,\ninvestigation workbenches, and alert triage workflows. PostgreSQL\nstores detection rules, investigation cases, and analyst notes.\nRedis caches threat intelligence lookups and active alert states.\nThe tradeoffs are storage cost for long retention periods and the\nongoing effort of tuning detection rules to minimize false positives\nwithout missing threats.\n",
"composes": [
"tool:elasticsearch",
"language:python",
"tool:rabbitmq",
"library:redis",
"framework:react",
"tool:psql",
"library:pandas",
"library:httpx"
]
},
"outgoingEdges": [
{
"from": "stack-profile:siem-platform",
"to": "tool:elasticsearch",
"kind": "composed_of"
},
{
"from": "stack-profile:siem-platform",
"to": "language:python",
"kind": "composed_of"
},
{
"from": "stack-profile:siem-platform",
"to": "tool:rabbitmq",
"kind": "composed_of"
},
{
"from": "stack-profile:siem-platform",
"to": "library:redis",
"kind": "composed_of"
},
{
"from": "stack-profile:siem-platform",
"to": "framework:react",
"kind": "composed_of"
},
{
"from": "stack-profile:siem-platform",
"to": "tool:psql",
"kind": "composed_of"
},
{
"from": "stack-profile:siem-platform",
"to": "library:pandas",
"kind": "composed_of"
},
{
"from": "stack-profile:siem-platform",
"to": "library:httpx",
"kind": "composed_of"
},
{
"from": "stack-profile:siem-platform",
"to": "role:security-engineer",
"kind": "used_by_role"
},
{
"from": "stack-profile:siem-platform",
"to": "role:backend-engineer",
"kind": "used_by_role"
},
{
"from": "stack-profile:siem-platform",
"to": "role:observability-engineer",
"kind": "used_by_role"
},
{
"from": "stack-profile:siem-platform",
"to": "workflow:threat-intelligence-feed-review",
"kind": "follows_workflow"
},
{
"from": "stack-profile:siem-platform",
"to": "workflow:security-control-maturity-assessment",
"kind": "follows_workflow"
},
{
"from": "stack-profile:siem-platform",
"to": "domain:cybersecurity",
"kind": "applies_to"
},
{
"from": "stack-profile:siem-platform",
"to": "domain:security",
"kind": "applies_to"
},
{
"from": "stack-profile:siem-platform",
"to": "skill-area:security-monitoring-siem",
"kind": "requires_skill_area"
},
{
"from": "stack-profile:siem-platform",
"to": "skill-area:threat-detection",
"kind": "requires_skill_area"
},
{
"from": "stack-profile:siem-platform",
"to": "skill-area:search-infrastructure",
"kind": "requires_skill_area"
},
{
"from": "stack-profile:siem-platform",
"to": "skill-area:event-driven-architecture",
"kind": "requires_skill_area"
},
{
"from": "stack-profile:siem-platform",
"to": "skill-area:data-analytics",
"kind": "requires_skill_area"
}
],
"incomingEdges": []
}