It's easiest to describe the Mozilla Defense Platform (MozDef) as a set of micro-services you can use as an open source Security Information and Event Management (SIEM) overlay on top of Elasticsearch.
Source: Overview - Mozilla Enterprise Defense Platform documentation