Elasticsearch supercharged

Siren supercharges Elasticsearch with big data joins, remote data virtualization and true link analysis.
A gamechanger for Cyber, Log analysis and much much more.

Augmented Search Engine capabilities for Elasticsearch

Get way more from Elasticsearch

The Siren platform extends core ELK capabilities with in-cluster distributed big data joins, true knowledge graph support (with link analysis), data virtualization of JDBC datasources and much more.

Out of the box, critical capabilities for scenarios including:


The Siren Federate™ Elasticsearch plug-in

Supercharging new or existing clusters is just a plug-in away

Siren’s relational and federation technology comes packaged in the Siren Federate™ plugin for Elasticsearch. Siren Federate™ embedded technologies allow for easy vertical and horizontal scaling without impacting the performance of standard Elasticsearch operations.

Standard ELK capabilities are further enhanced by data federation where remote JDBC datasources are virtualized and exposed as if they were local indexes (with joins pushed down to the native sources).

See the performance benchmarks. Learn more about Siren Federate™

Meet “Siren Investigate”, the Siren UI

Siren’s front-end supercharges the native Kibana UI with “Investigative Intelligence” advanced capabilities, including:

  • Relational data navigation and correlation at scale, powered by distributed in-cluster joins.
  • Interactive visualizations beyond Elasticsearch: visualize Elasticsearch data side by side with live data from JDBC sources including RDBMS and more.
  • True record-to-record link analysis across back ends, with map, timeline, grouping, and advanced scripting for graph visualizations.

Witness Siren in action for cybersecurity

Join the dots at scale, the smart way

Dynamically and intuitively design the data model with the built in editor and tie Elasticsearch and remote indexes together

In Siren, Elasticsearch indexes and remote federated indexes are tied together by a visual relational datamodel. Typically, this can be done in 3 simple steps:

  1. Connect to your Elasticsearch indexes as usual (or to remote indexes via JDBC)
  2. Build the data model specifying cross-table primary/foreign relations, or shared identifiers (e.g. IPs, Hashes, UserIDs)
  3. Done! The data model now powers the UI with relational cross-dashboard drilldowns and record-to-record link analysis.

How does it compare?

Side by side comparison of the open source Elastic stack (ELKB) and the Siren platform™

Apache licensed Elasticsearch
Siren Platform
Free or Paid
Can be installed standalone
Compatible with Elastic subscriptions (formerly X-pack)

Siren can be installed on top of Elasticsearch clusters in which free or paid Elastic Subscription packages (formerly X-Pack) have been installed.
Among the features that can typically be added for free are:

  • Extra data collection modules.
  • Infrastructure and log UI.
  • SQL CLI.
  • Data rollups/Frozen indexes.
  • Kibana/Canvas.

Please refer to Elastic.co for details

Compatible with Opendistro for Elasticsearch

Siren installed on Elasticsearch cluster which include components from the AWS backed Opendistro for Elasticsearch. Useful features that can be added in this way include:

  • Cluster Monitoring
  • Basic SQL
Backend (Elasticsearch + Siren Federate plugin)
Classic Elasticsearch core capabilities
  • Query language and scoring
  • Typeahead, highlighting, and spell-correction
  • Aggregations
  • Indexing & search – text, metrics, geo
  • Automatic data rebalancing
Clustering & high availability
Cross-index big join capabilities
Siren enhances Elasticsearch clusters with big data, distributed cross-index join capabilities.
When indexes are “virtualized” the joins are pushed to the native datasources. Cross-backend joins are performed in memory.
Remote JDBC indexes as virtual Elasticsearch indexes

Siren “Virtual Indexes” look and behave like Elasticsearch indexes for most operations, but translate and forward queries directly to the remote datasources.
Currently supported backends (check the docs for the latest updates):

  • BigQuery
  • Denodo
  • Dremio
  • Impala
  • MySQL
  • Microsoft SQL Server
  • Neo4j
  • Oracle
  • PostgreSQL
  • Presto
  • Spark SQL
“Reflection” of remote data in the cluster

Reflections are optional, locally materialized Elasticsearch tables which are kept in sync with the content of the remote datasources. Activating datasource reflection lowers the load on the remote datasources for intense analytics, increases the performance and scalability for local users and increases the search and analytics capabilities (e.g. wordclouds and phonetic search and high quality ranking become available on reflected indexes)

  • Easily go from virtualized index to “reflection index” using our wizard.
  • Reflections are periodically refreshed.
Easy alerting for business users
  • One click alerts can be activated directly from the dashboards.
  • Customized alerts can be created as deployable scripts.
Advanced Alert creation environment

basic, no enterprise support via Opendistro

advanced, supported by Siren

Advanced Siren only features include

  • High availability, scalable alerting.
  • Ability to generate alerts from large scale index joins
  • Alerting on data that resides in different backends (via Siren virtualization)

via Opendistro plugin, no enterprise support

enterprise support
While Siren security capabilities are identical to those of Opendistro, Siren provides enterprise support on this part.

  • Active Directory
  • LDAP
  • Kerberos / SPNEGO
  • JSON web token authentication
  • SAML
  • OpenID / JWKS
  • Custom authenticators
  • REST management API
  • Document-level security
  • Field-level security
  • Audit Logging
  • Configuration GUI
  • Read history audit logging
  • Write history audit logging
  • Field anonymization
  • Immutable indices
  • Event routing
  • Elasticsearch installation monitoring
  • Search Guard configuration monitoring
Only available in Siren
Semantic/Relational datamodel
Auto cross-index relation discovery
Relational navigation across dashboards (“Set to Set” / relational drilldowns)
Autogenerated dashboards and autogenerated widgets
Dashboards for “360 degree entity/set views” (dashboard specific relations across widgets)
Live JDBC data can be used in dashboards exactly like Elasticsearch data (no ETL)
Dashboards/Folder/Space navigator sidebar driven UI
Knowledge Graph explorer / Link analysis
Filters can be combined in OR with multiple clicks
Investigative Maps (link analysis on Map)
Big Data, UI driven CSV import/export
PDF, PNG Exports
Machine learning and Data discovery
Time series anomaly detection
Auto discovery dashboard creation
Visual high dimensionality correlation explorer
Text clustering capabilities
Coming in Siren 10.3
Data ingestion and processing, services
Scheduled data materialization of data from virtualized datasources (Reflections)
Data fingerprinting, detection of relationships and sensible /known data types
Search and alert
Search engine mode dashboard, support for custom result templates, support for NLP annotated text
Scriptable “types” of alerts on new search results, business user friendly
Support for molecular search
Document similarity search
Compatibility and extensibility
License to customize/modify source code of the commercial offering
Iframe embedding friendly
Scriptable operations
Record Data Visualization Templates for result tables

Siren Industries


Solutions built on top of Siren

Siren powered solutions are deployed across sectors including Finance Services, Life Sciences, Law Enforcement and Operational Intelligence.

Ready to kick-start your project?

Our experts can show you exactly how to leverage your data to uncover powerful insights!