This document provides an overview and demonstration of using open source tools for security information and event management (SIEM). It begins with an introduction to SIEM and the ELK stack (Elasticsearch, Logstash, Kibana) for data aggregation, correlation, alerting and dashboards. The document demonstrates using Logstash to parse Apache logs and load them into Elasticsearch. It also discusses clustering and sizing requirements. Finally, it introduces Wazuh as an open source SIEM solution built on OSSEC and the ELK stack.