UTMSTACK logoUTMSTACK logo
Getting Started Introduction

UTMStack has officially released version 11.0.0, a major stable update that transforms its SIEM platform. This release introduces a redesigned architecture, stronger security, and a more intuitive user experience—positioning UTMStack to meet the demands of modern cybersecurity operations.

UTMStack v11 Architecture Diagram

Overview

Welcome to the UTMStack open-source project! UTMStack is a unified threat management platform that merges SIEM (Security Information and Event Management) and XDR (Extended Detection and Response) technologies. Our unique approach allows real-time correlation of log data, threat intelligence, and malware activity patterns from multiple sources, enabling the identification and halting of complex threats that use stealthy techniques.

Experience UTMStack in action with our live demo

Important: Fresh Installation Required

UTMStack v11 can only be installed on new instances.

  • Direct upgrades from v10 are not supported

  • v11 includes architectural changes incompatible with previous versions

  • If you're currently using v10, keep it running on its existing infrastructure

  • Deploy v11 on a separate, new server instance
    For migration planning and assistance, please contact UTMStack support.

What's New in v11

1. Performance and Scalability

Revolutionary Event Processing

  • Replaced Logstash with EventProcessor (developed by Threatwinds)

  • Drastically reduced resource usage

  • Improved log processing speed significantly

  • New architecture using two container types: manager and worker

  • Each container capable of running plugins and processing data in parallel

  • Add additional workers to scale horizontally and eliminate bottlenecks

2. Modular Plugin Architecture

Official Plugin System

  • New official plugin system for independent feature integration

  • Improved maintainability and code organization

  • Easier platform expansion and customization

  • Community-friendly architecture for contributions

3. Enhanced Security

Strengthened Security Protocols

  • Strengthened TLS protocols across all components

  • Multi-Factor Authentication (MFA) is now mandatory for platform access

  • Elevated protection against unauthorized access

  • Enhanced encryption for all data in transit

  • Daily code reviews for vulnerable dependencies

  • Yearly penetration testing and testing after major releases

4. SOC-AI with Custom Model Support

AI-Powered Threat Detection

  • SOC-AI module now supports user-defined machine learning models

  • Official models available out-of-the-box

  • Tailor threat detection and response to your organization's needs

  • Advanced analysis and automated insights

5. Improved User Experience

Redesigned Interface and Workflows

  • Completely redesigned graphical interface for better usability

  • Incident Response module renamed to SOAR (Security Orchestration, Automation and Response)

  • Automated workflows for alert handling

  • Simplified rule creation with a visual editor

  • Advanced YAML configurations still supported for power users

  • Log filtering moved from complex Logstash syntax to accessible YAML format

6. Centralized Management and Flexible Deployment

Enterprise-Grade Management

  • All UTMStack instances can connect to a central server

  • Remote log submission capabilities

  • Centralized updates across all instances

  • Multi-platform support: Ubuntu and Red Hat systems

  • Offline, on-premise deployments supported with guided assistance

  • Automatic updates can be scheduled from the central server

  • No manual intervention required to keep systems current

Core Features

Log Management & Correlation

Advanced real-time log analysis and correlation

Threat Intelligence

Integrated threat intelligence feeds and analysis

File Classification

Automated file analysis and classification

Security Compliance

Built-in compliance management and reporting

security

Threat Detection & Response

Identify and respond to threats in real-time

fingerprint

Alert Investigation

Comprehensive alert investigation and forensics

SOC AI-Powered Analysis

Machine learning-driven security analysis

SOAR Workflows

Automated security orchestration and response

Why Choose UTMStack v11?

UTMStack stands out in threat prevention by surpassing the boundaries of traditional systems. Our software platform can swiftly analyze log data to identify and halt threats at their source in real-time, even if the threat was not directly detected on the server itself.

Key Differentiators

  • Real-time correlation before data ingestion - reduces workload and improves response times

  • Seamless SIEM and XDR integration - unified threat management in a single platform

  • Horizontal scalability - add workers as your organization grows

  • Open-source foundation - transparent, community-driven development

  • Enterprise-ready - suitable for production environments and modern SOC operations

Getting Started

Installation Guide

Step-by-step instructions to install UTMStack v11

Video Tutorials

Watch our feature overview and tutorials

Online Demo

Try UTMStack without installing anything

API Documentation

Explore the complete API Reference

Community and Support

Official Documentation

Complete documentation and guides

Contributing Guide

Learn how to contribute to the project

Correlation Rules Repository

Community-driven correlation rules

Discord Community

Join our community discussions

Summary

UTMStack v11.0.0 marks a major evolution of the platform. With improvements in performance, scalability, security, and usability, this version is ready for production environments and modern SOC operations.

For technical documentation, migration assistance, or enterprise support, visit https://docs.utmstack.com/ or contact the UTMStack team.