Siren Platform User Guide



This is the documentation for Siren 10.1.2. For other documentation, visit For the release notes, visit

Investigative intelligence

Sometimes, the answer to a specific question may be simple, but the investigative process is typically complex and unique each time. While business intelligence, enterprise search and knowledge graph are useful for specific tasks, investigative intelligence combines these elements to answer new questions.

Where the nature of data investigation is fluid, the Siren platform provides you with coherent orchestration of information retrieval and semantic technologies that can make use of big data without moving it from your existing infrastructure.

Siren platform

The Siren platform provides relational cross-index and cross-system capabilities and investigative intelligence features.

The platform comprises three components.

  • Siren Investigate: A browser-based visualization tool that provides powerful graphical and analysis capabilities.

  • Siren Alert: An alerting and reporting component for operational notifications and information.

  • Siren Federate: A back end that provides the ability to search across Elasticsearch, Hadoop and SQL databases.


Siren Investigate

Siren Investigate is an application for interactive, exploratory investigative intelligence. It ties together the big data that resides in your infrastructure, without moving it, using a semantic data model that defines how data connects.

You edit the data model in Siren Investigate by listing the tables in the remote data sources (such as an RDBMS, an Elasticsearch index, or an Impala table) and defining how they refer to each other, much like a primary/foreign key relationship but spanning systems.

Siren Investigate provides scalable, smooth and interactive graph analytics without the need for a separate graph data store. It also provides temporal analytics components that show connected events originating from multiple indices in a single view.

You can cross the boundaries of indices and back ends to discover how events and entities are connected, and you can use relational filtering to see where in time the events related to a single entity or a group of entities occur.

Enterprise-level access control is provided at the index, record and field levels, and end-to-end encryption extends from the user interface down to the inter-cluster communications.

Siren Alert

Siren Alert generates alerts and reports (PDF emails) from logic ranging from simple queries to advanced Complex Event Processing (CEP) scripts. The Siren Investigate user interface enables you to configure watchers (email recipients) and reports.

The Siren Alert scripting capabilities make it easy to implement statistical anomaly detection methods that determine when alerts should be generated.

Siren Federate

Siren Federate is a plugin extension for Elasticsearch that adds cluster-distributed, highly optimized cross-index and cross-back-end data joins.

These capabilities are exposed by Siren Federate as an extended Elasticsearch API that is backward compatible with the Elasticsearch and Kibana plugin ecosystem.

Siren Federate makes full use of your current systems: it can translate analytic and join queries into the language supported by your existing databases and big data infrastructure, or transparently perform in-memory joins on the Siren cluster nodes as required.
