Siren Platform User Guide

Install Siren Investigate on Windows

Siren Investigate can be installed on Windows using the .zip package; zip packages can be downloaded from the download page. The demonstration versions contain a preconfigured Elasticsearch cluster in addition to Siren Investigate.

Running Siren Investigate from the command prompt

Siren Investigate can be started from the command prompt as follows:


By default, Siren Investigate runs in the foreground, prints its logs to STDOUT, and can be stopped by pressing Ctrl+C.

Siren Investigate configuration

Siren Investigate loads its configuration from the $INVESTIGATE_HOME/config/investigate.yml file by default. The format of this configuration file is explained in Configuring Siren Investigate.

Folder layout of Windows ZIP archive

The .zip package is entirely self-contained.

This is very convenient because you do not have to create any directories to start using Siren Investigate, and uninstalling Siren Investigate is as easy as removing the folder. However, it is advisable to change the default locations of the configuration and data folders so that you do not remove important data later on.



Siren Investigate home folder or %INVESTIGATE_HOME%. Default location: folder created by unpacking the archive; in demonstration distributions, the folder is kibi.

Binary scripts including kibi to start the Siren Investigate server and kibi-plugin to install plugins.

Configuration files including investigate.yml.

The location of the data files written to disk by Siren Investigate and its plugins.

Transpiled source code. Certain administrative actions, for example plugin install, result in the source code being retranspiled on the fly.

The location of the plugin files. Each plugin will be contained in a subfolder.

