Introduction to Siren Platform

Welcome to the documentation for Siren Platform version 13.2. For the highlights of this release, see What’s new.

This documentation describes Siren Platform from the perspective of the user interface component, Siren Investigate. To learn more about the back-end system that Siren Platform is built on, see the Siren Federate documentation.

You can select different versions of the documentation by using the dropdown menu in the navigation bar. To access all previous versions, go to www.docs.siren.io.

For a guide to the formatting and conventions in this documentation, see the Documentation guide.

What is investigative intelligence?

Investigations are often about finding the truth in masses of data. Siren Platform is the product suite for investigative intelligence, which fuses capabilities such as big data monitoring and alerting, data analytics, link analysis, and a powerful search.

Siren Platform investigative intelligence

Investigative intelligence serves the needs of those who are hunting for bad actors - typically to protect people, networks, and assets.

Such investigations are the primary focus of law enforcement and intelligence agencies, but are also critical to uncovering financial crime activities and for threat hunting in cybersecurity.

These investigations often involve connecting the dots on both structured data, such as vehicle registration records, and unstructured data, such as text messages, emails, and other media.

Architectural overview

Siren Platform comprises two main elements:

  • Siren Investigate: A Web application that provides active dashboards that act as a starting point for the exploration of data and that offer powerful graphical and analytical capabilities.

  • Siren Federate: A plug-in that is installed in an Elasticsearch cluster to form the Siren Platform back-end system.

These elements are tied together by an associative data model, which allows you to specify the relations between datasets and, in doing so, drives your ability to analyze connected data.

Siren Platform architecture diagram

Working with data in Siren Platform

The structured or unstructured data can enter Siren Platform in a number of ways.

When an analyst sees records in a dashboard or in the Graph Browser, these records could be coming from any one of the following sources:

  • Data that is imported by the user, such as by uploading a .csv file, which creates an Elasticsearch index.

  • A native Elasticsearch index that is managed externally from Siren Platform. For example, a set of logs that are streaming into the system. For information about how to configure this option, see Creating entity tables.

  • Data from a Web service invocation, which automatically loads response data into the Elasticsearch cluster.

  • Data from remote datasources, which pull tables or slices of remote JDBC data into Elasticsearch, either periodically or as one-off jobs.

Now that you have a picture of Siren Platform and its architecture, it’s time to get started.