Real-Time Security Event Processing and Detection

PADAS is a high-performance streaming platform designed to transform, filter, enrich, and detect security events in real time. Using the PADAS Domain Language (PDL), it enables scalable event processing, inline detection, and schema normalization before data reaches your SIEM or data lake. Kafka is supported as one of many connectors, but PADAS does not depend on Kafka to operate.

No. PADAS is an independent streaming platform. Kafka is supported as a connector (both source and sink), but PADAS can ingest directly from syslog, HTTP, files, and other PADAS nodes without any Kafka deployment. You can use Kafka where it makes sense, or not at all.

PADAS processes events through configurable pipelines built from three primitives: connectors (I/O with external systems), streams (append-only event channels), and tasks (PDL-based processing and detection). Source connectors ingest events into streams; tasks transform, enrich, and detect patterns; sink connectors deliver results to external systems. A web UI (PADAS UI) is included to configure, monitor, and test pipelines.

PADAS complements SIEM and observability platforms. While general-purpose data pipeline tools or custom stream processors handle telemetry movement, PADAS focuses on real-time threat detection and transformation using a domain-specific language, filling the gap between raw data collection and final analytics, without requiring you to adopt a specific broker or SIEM.

PADAS processes security events through configurable stream pipelines. It filters, enriches, correlates, and applies detection rules to data on the fly, minimizing storage needs and accelerating response. Throughput scales with pipeline complexity and hardware; see the Configuration & Runtime Engine documentation (Performance Tuning section) and Runtime configurations for tuning-related settings.

Yes. PADAS supports custom detection logic through its purpose-built PADAS Domain Language (PDL), which supports filtering, field transformation, enrichment lookups, aggregation, and temporal correlations across events.

PADAS has built-in source connectors for syslog (UDP/TCP, RFC 3164/5424), HTTP (polling and push), Kafka topics, local files, and PADAS-to-PADAS TCP forwarding. This covers the majority of security telemetry sources: endpoint logs, firewall logs, cloud telemetry, Windows Event Logs, without requiring an intermediate broker. Because PADAS uses a schema-on-read approach, data is ingested in its original format and normalized downstream using PDL tasks.

PADAS pre-processes data in the stream, reducing noise and normalizing events before forwarding them to your SIEM or object storage. This lowers ingest volume, reduces storage, and minimizes SIEM licensing overhead by ensuring only relevant, normalized data reaches downstream systems.

No. PADAS is completely vendor-agnostic. It can deliver events to Splunk, Kafka, S3-compatible object storage, HTTP endpoints, or syslog receivers, and does not depend on Kafka, Confluent, or any specific SIEM to function.

PADAS is built for longevity: a schema-on-read design means you are never locked into a single data model at the edge, so you can normalize to OCSF, OpenTelemetry, or your own schema as standards evolve. The vendor-independent connector model and REST API control plane keep integration flexible. The platform is evolving to include context enrichment services (entity, threat intelligence, vector similarity) and historical search over object storage.

You can access official documentation, CLI tools, and GitHub resources. Direct support and advisory services are available for enterprise deployments. Please contact us for details.

Yes. PADAS applies real-time filtering and correlation logic directly on the stream, improving fidelity and reducing false positives before logs reach your SIEM or analyst dashboards. Detection tasks can evaluate multiple PDL queries independently against the same stream.

You can download the latest release of PADAS Engine and PADAS UI from our website. Follow the documentation to deploy it locally, in your lab, or in production alongside your existing data sources.

PADAS is not a log storage or search solution. It operates as a stream processing and detection layer: ingesting, transforming, detecting, and routing events in real time. Long-term storage and historical search are handled by an optional companion layer (object storage plus query service), keeping the core engine focused and fast.