Released: 13 September 2019 (release blog posts here, what’s new here)

The Siren Platform comprises two core components:

  • Siren Investigate, the Node.js-based browser application (includes the Siren Alert component).
    For those familiar with the ELK stack, this has a similar role to Kibana.
  • Elasticsearch cluster(s) in which the Siren Federate plugin has been installed

Optional components that can be added to the platform include:

  • Siren ML Docker container for machine learning capabilities
  • Siren ER (beta) Docker container for entity resolution capabilities

The platform can also connect to other datasources:

  • Databases with JDBC drivers: Download the drivers from our supported drivers list
  • Remote Elasticsearch clusters (with Federate plugin installed)

A conceptual overview of the platform

For more details please visit the product documentation

For more information about setting up the platform and Elasticsearch version compatibility, see documentation here.

For more information on connecting to remote datasources, see documentation here.


Demo/POC distributions

Siren Platform with Demo Data

Do you want to try our preloaded Siren Platform with our classic company/investor/articles demo?
Just run siren-platform-demo-data and you're up and running. Not recommended for adding new data.

The 10.3.1 version of this package is available only on request. Please contact us for further details.

Siren Platform with No Data or Security

With no security and no preloaded data, this package is perfect for quick Proofs of Concept or trying out Siren Platform with your own data. Upload your data to the bundled Elasticsearch instance, connect to your existing cluster or connect to existing JDBC datasources, and begin seeing your data in a new light. This is the package to use when following our getting started tutorial.

Production distributions

Siren Platform

Our preconfigured Siren Platform with an empty Main Elasticsearch Cluster and a preinstalled
Siren Investigate plugin, configured with security but without preloaded demo data.

The 10.3.1 version of this package is available only on request. Please contact us for further details.

Individual components:

Siren Investigate

This deployment contains Siren Investigate with no Elasticsearch cluster.
Connect to your own Main Elasticsearch Cluster (which means Elasticsearch plus the Siren Investigate Plugin) and also possibly to existing JDBC backends.


Siren comes as Community Edition by default. Without an additional license, the platform will run in Community Edition mode and some of the Siren platform functionality is limited or disabled.

See here for more information on pricing model and editions.

Start your unlimited trial here (or contact us here).


Release notes:


  • Now ships with Elasticsearch 6.8.2 as default

  • Improved Neo4j support: Graph Browser can now launch Neo4j queries, and the distribution includes a ‘Shortest Path on Neo4J’ script example

  • Topic Clustering visualization enhancements

  • Beta of OpenID support with Search Guard

  • Dashboard 360 performance improvements

  • Maximized visualization can now be saved in dashboard state

  • The index pattern exclude list default is now set to false when creating an index pattern

  • Improve formatters support across Investigate – legends, tooltips, visualisations


  • Fix issue in Tooltip lens with fields containing arrays

  • Fix for index naming issue that caused Graph Browser not to add certain datasets

  • Fix display of license restrictions modal during drag-and-drop of dashboard to the graph

  • Fix for the ‘hide filter bar’ button issues

  • Fix Graph Shortest Path script and warn about its limitations

  • Fix Relational Navigator visualization not being updated after unlinking and linking a saved search

  • Date filter now works with formats other than epoch format

  • Fix inconsistencies with data export from Enhanced Search Result visualization due to scroll API with ‘join’ filter

  • Fix problem of the restricted ACL menu being displayed incorrectly

  • Improvements to scrollbar display

  • Fix for the Graph Browser not respecting the search filters

  • Fixed error when navigating relationally to dashboard with Timelion Visualization

  • Fix inability to use ‘should’ to combine join queries

  • Fix inability to set relative time on Timelion

  • Fix error when filtering using meta field

  • Catch NullPointerException on unsupported JDBC types and display warning message

  • Fix QueryShardException when changing the primary key

  • Fix ‘cache inconsistent’ results due to failure to handle cache lookup request when pruning a task node

Known issues and limitations

  • Nodes from remote Elasticsearch clusters cannot be added to the graph

  • Queries with "inner_hits" are not working with the _siren endpoint

  • Use of ‘:’ in cluster and index names is deprecated

  • Wildcards on virtual index names are not supported by any API; a wildcard search will silently ignore virtual indices

  • Cross remote cluster wildcard pattern searches are not supported

  • Comma-separated lists of index patterns which target virtual indices are not supported.

  • Adding an EID from a virtual index (JDBC source) to the Graph Browser will not work using drag and drop. EIDs can still be added using the Manual Entity Identifier option in the Add menu.