Documentation home

Documentation for versions prior to 10.4 is available here: https://docs.siren.io.

Investigative intelligence

Sometimes, the answer to a specific question may be simple, but the investigative process is typically complex and unique each time. While business intelligence, enterprise search and knowledge graph are useful for specific tasks, investigative intelligence combines these elements to answer new questions.

Where the nature of data investigation is fluid, the Siren platform provides you with coherent orchestration of information retrieval and semantic technologies that can make use of big data without moving it from your existing infrastructure.

Siren platform

The Siren platform provides relational cross-index and cross-system capabilities and investigative intelligence features.

The core platform comprises three components:

  • Siren Investigate: A browser-based visualization tool that provides powerful graphical and analysis capabilities.

  • Siren Alert: An alerting and reporting component for operational notifications and information.

  • Siren Federate: A back end that provides the ability to search across Elasticsearch, Hadoop and SQL databases.

In addition, Siren now has two modular components that extend its functionality:

  • Siren ML: A deep learning-powered AI that provides two main capabilities—predictive analytics/alerting, and time series anomaly detection.

  • Siren ER (beta): An AI component that enables entity resolution — the ability to recognize that two or more separate records in the data are referring to the same real-world entity.

The following diagram shows the relationship between these components. The Investigate frontend connects to the Federate backend, which consists of an Elasticsearch cluster with multiple nodes, each with a Federate plugin. One of the nodes is connected through JDBC drivers to external databases, and also to a remote Elasticsearch cluster.

The Siren Alert functionality is provided by a plugin, while Siren ML and Siren ER (beta) are Docker containers that communicate with the main Siren platform through their APIs.

[Diagram: Siren components]

This is the documentation for Siren 10.5 and release notes are available here: https://docs.support.siren.io/10.5/platform/release-notes.html.