Investigative Intelligence to monitor business, system operations and cyber security threat intelligence

Siren for Cybersecurity

Supercharging Elasticsearch to “Join the dots” in Cyber and ITOps

Elasticsearch is an outstanding store for IT and security logs.

Elasticsearch alone, however, cannot join documents across indexes (its nested and parent-child features only relate documents that live in the same index), nor query other backends directly (e.g. an RDBMS, Spark, Impala).

Siren deployments supercharge Elasticsearch with cluster-scalable cross-index joins, direct connectivity to JDBC data sources, and more.

This changes everything. Watch it in action.

The Siren relational data model

Crucially enhancing investigative capabilities

In Siren, Elasticsearch indexes and remote federated indexes are tied together by a visual relational data model. Typically, this is done in 3 simple steps:

  1. Connect to your Elasticsearch indexes as usual (or to remote indexes via JDBC)
  2. Build the data model by specifying primary/foreign-key relations between tables, or shared identifiers (e.g. IP addresses, file hashes, user IDs). A join on a shared identifier is an exact match, so the fields on both sides must be mapped to the same type and normalized the same way (case, IP formatting), or records that should link will not.
  3. Done! The data model now powers the UI with relational cross-dashboard drilldowns and record-to-record link analysis.

Siren Cybersecurity

Siren for security analytics (SSA)

SSA integrates logs and joins records across all your enterprise log sources and cyber security appliances

Thanks to its unified data model and relational navigation capabilities, SSA can correlate logs from any internal or external security appliance or data source.
Correlation is driven interactively from the UI during an investigation, or scheduled to run regularly to generate alerts and reports.
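To make the data-model steps above and the scheduled correlation concrete, here is an added example (not Siren's code) that models three log sources as in-memory "indexes", declares relations between them, and implements record-to-record links, a cross-dashboard drilldown and a scheduled correlation rule in plain Python. The index names, field names, relations and log records are all constructed for the illustration; in a Siren deployment the join runs inside the Elasticsearch cluster rather than in the client.

```python
"""Toy relational data model over log 'indexes', in the spirit of the Siren
data model described above.  Added illustration, not Siren code: the index
contents, field names and relations are constructed for the example and the
join is done in plain Python rather than inside an Elasticsearch cluster."""
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample data standing in for three Elasticsearch indexes.
INDEXES: Dict[str, List[dict]] = {
    "firewall": [
        {"_id": "fw1", "ts": "2024-05-01T10:00:00Z", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.7", "action": "allow"},
        {"_id": "fw2", "ts": "2024-05-01T10:01:00Z", "src_ip": "10.0.0.9", "dst_ip": "198.51.100.2", "action": "deny"},
        {"_id": "fw3", "ts": "2024-05-01T10:02:00Z", "src_ip": "10.0.0.5", "dst_ip": "198.51.100.2", "action": "allow"},
    ],
    "auth": [
        {"_id": "au1", "ts": "2024-05-01T09:58:00Z", "src_ip": "10.0.0.5", "user": "alice", "result": "success"},
        {"_id": "au2", "ts": "2024-05-01T10:01:30Z", "src_ip": "10.0.0.9", "user": "bob", "result": "failure"},
        {"_id": "au3", "ts": "2024-05-01T10:03:00Z", "src_ip": "10.0.0.5", "user": "alice", "result": "success"},
    ],
    "threat_intel": [
        {"_id": "ti1", "ip": "198.51.100.2", "tag": "c2-server"},
    ],
}

# Step 2 of the data model: relations between fields of different indexes,
# as (index_a, field_a, index_b, field_b).  Shared identifiers such as IPs
# are followed in both directions.
RELATIONS: List[Tuple[str, str, str, str]] = [
    ("firewall", "src_ip", "auth", "src_ip"),
    ("firewall", "dst_ip", "threat_intel", "ip"),
]


def _relations_from(index: str):
    """Yield (local_field, other_index, other_field) for every relation touching `index`."""
    for a, fa, b, fb in RELATIONS:
        if a == index:
            yield fa, b, fb
        if b == index:
            yield fb, a, fa


def _build_lookup():
    """Map (index, field, value) -> record ids so each join key is resolved in O(1)."""
    lookup = defaultdict(list)
    for name, docs in INDEXES.items():
        for doc in docs:
            for field, value in doc.items():
                lookup[(name, field, value)].append(doc["_id"])
    return lookup


LOOKUP = _build_lookup()
BY_ID = {d["_id"]: (name, d) for name, docs in INDEXES.items() for d in docs}


def linked_records(index: str, record_id: str) -> Dict[str, List[str]]:
    """Record-to-record link analysis: follow every relation out of one record
    and return {other_index: [record ids]} for the records it joins to."""
    doc = BY_ID[record_id][1]
    out = defaultdict(list)
    for local_field, other_index, other_field in _relations_from(index):
        if local_field in doc:
            for rid in LOOKUP.get((other_index, other_field, doc[local_field]), []):
                if rid not in out[other_index]:
                    out[other_index].append(rid)
    return dict(out)


def drilldown(src_index: str, src_filter: dict, dst_index: str) -> List[str]:
    """Cross-dashboard drilldown: take the `src_index` records matching `src_filter`
    (the current dashboard selection) and return the related `dst_index` record ids."""
    selected = [d for d in INDEXES[src_index] if all(d.get(k) == v for k, v in src_filter.items())]
    hits: List[str] = []
    for d in selected:
        for rid in linked_records(src_index, d["_id"]).get(dst_index, []):
            if rid not in hits:
                hits.append(rid)
    return hits


def scheduled_alerts() -> List[dict]:
    """A correlation that could run on a schedule: allowed firewall connections
    towards an IP present in threat intel, enriched with the users who
    successfully authenticated from the source host.  One alert per match."""
    alerts = []
    for fw in INDEXES["firewall"]:
        if fw["action"] != "allow":
            continue
        links = linked_records("firewall", fw["_id"])
        if not links.get("threat_intel"):
            continue
        users = sorted({BY_ID[r][1]["user"] for r in links.get("auth", [])
                        if BY_ID[r][1]["result"] == "success"})
        alerts.append({"firewall_id": fw["_id"], "src_ip": fw["src_ip"], "dst_ip": fw["dst_ip"],
                       "intel_tags": [BY_ID[r][1]["tag"] for r in links["threat_intel"]],
                       "users": users})
    return alerts


if __name__ == "__main__":
    print(linked_records("firewall", "fw3"))
    print(drilldown("firewall", {"action": "allow"}, "auth"))
    print(scheduled_alerts())
```

The lookup table is what makes the join cheap: every relation resolves to a dictionary hit on the exact field value, which is also why the identifier fields on both sides of a relation must be normalized identically before indexing.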

Siren Managed

Available as 24/7 managed service

SSA is also available as a managed or hosted service.

The managed offering is a joint development between Siren and certified solution providers, who deliver 24/7 managed security services. Talk to us for available options.

Ready to kick-start your project?

Our experts can show you exactly how to leverage your data to uncover powerful insights!