TelHawk Stack
OCSF-compliant SIEM with Splunk HEC-compatible ingestion, OpenSearch storage, and a query/alert layer designed for migration and testing workloads.
telhawk-systems/telhawk-stack →
TelHawk Stack is a lightweight, OCSF-aware SIEM with Splunk-compatible ingestion, built in Go for security engineers who actually read their logs.
Free to use. Source readable. Designed for migrations and experiments, not lock-in.
Telemetry-first reverse proxy and bot-detection middleware, built to feed rich, structured events into TelHawk Stack or your existing SIEM.
telhawk-systems/telhawk-proxy →
Utilities focused on Splunk-compatible ingestion, replaying attack datasets, and easing SIEM migrations instead of locking you in.
Coming soon
TelHawk Systems treats transparency as a security feature. Our core projects are designed so that engineers can inspect the code, audit configurations, and understand exactly how data flows through the system.
We prioritize readable source, clear configuration, and migration tooling over black-box magic. If lock-in is the moat, TelHawk builds the bridge.
TelHawk Systems is currently in active development. If you're interested in experimentation, migrations, or security engineering work around telemetry and SIEM pipelines, you can reach out via LinkedIn.
LinkedIn
Steven Horton on LinkedIn
Eileen Horton on LinkedIn