Released: 9 March 2020 (release blog posts here)

The Siren Platform is comprised of two core components:

  • Siren Investigate, the node.js based browser application (includes the Siren Alert component).
    For those familiar with the ELK stack, this has a similar role to Kibana.
  • Elasticsearch cluster(s) in which the Siren Federate plugin has been installed
Optional components that can be added to the platform include:
  • Siren ML Docker container for machine learning capabilities
  • Siren ER (beta) Docker container for entity resolution capabilities
The platform can also connect to other datasources:
  • Databases with JDBC drivers: Download the drivers from our supported drivers list
  • Remote Elasticsearch clusters (with Federate plugin installed)

A conceptual overview of the platform

For more details please visit the product documentation

For more information about setting up the platform and Elasticsearch version compatibility, see documentation here.

For more information on connecting to remote datasources, see documentation here.


Demo/POC distributions

Siren Platform with Demo Data

Do you want to try our preloaded Siren Platform with our classic company/investor/articles demo?
Just run siren-platform-demo-data and you're up and running. Not recommended for adding new data.

Siren Platform with No Data or Security

With no security and no preloaded data, this package is perfect for quick Proofs of Concept or trying out out Siren Platform with your own data. Upload your data to the bundled Elasticsearch instance, connect to your existing cluster or connect to existing JDBC datasources, and begin seeing your data in a new light. This is the package to use when following our getting started tutorial.

Production distributions

Siren Platform

Our preconfigured Siren Platform with with an empty Main Elasticsearch Cluster and a preinstalled
Siren Investigate plugin, configured with security but without preloaded demo data.

Individual components:

Siren Investigate

This deployment contains Siren Investigate with no Elasticsearch cluster.
Connect to your own Main Elasticsearch Cluster (which means Elasticsearch plus the Siren Investigate Plugin) and also possibly to existing JDBC backends.


Siren comes as Community Edition by default. Without an additional license, the platform will run in Community Edition mode and some of the Siren platform functionality is limited or disabled.

See here for more information on pricing model and editions.

Start your unlimited trial here (or contact us here).

View Online Documentation
Download Zip

View Release Notes

Release notes:
  • Added first high performance graph algorithm: shortest path contextual script can be used on the graph

  • Added localization capabilities

  • Added white-labeling capabilities, including configurable favicon, logo and page title

  • Added new customizable watcher template functionality to allow fine-grained control of custom watchers

  • Added watcher alarm security to allow the creator to restrict which users can see alarms

  • Added capability to export and import Investigate saved object with dependencies

  • Works on Elasticsearch 6.8.6 with Federate, older versions of Elasticsearch also supported

  • New beta plugin: Export graph to i2 Analyst Notebook format

  • Added OpenID support

  • Improvements to system migration and upgrade process

  • Added ability to load and filter WFS overlays on Enhanced Tilemap

  • Added option to autofit map bounds to data

  • Improved filtering in Saved Objects management

  • Numbers on graph (count of links) get updated when changing the active relations either automatically or on request with an update button

  • Graph Browser Lenses now receive whole current graph to improve results for the size and graph metrics lens

  • Fix for Graph Browser aggregated relations on 6.5.4

  • Switching to another dashboard or removing all nodes on the Graph Browser now cancels all count requests

  • Siren now also works when connected to OpenDistro clusters

  • Nested JSON types can now be exported from the record table

  • Multiple Enhanced Tilemaps now synchronize map extent between each other on a dashboard

  • Enhanced Tilemap now retains layer selection after refresh

  • Enhanced Tilemap now useable when no data present

  • Desaturate map tiles now works for all overlays in Enhanced Tilemap, not just base layers

  • Fixed bug in Data Reflection where nodes or relations with spaces in the name caused SyntaxError

  • Fix for dashboard search error in a new project

  • Siren ML now prints logs on Windows deployment

  • Dashboard 360 filters now apply correctly to all visualizations

  • Disabled filtering no longer impacting dashboard export

  • Fixed fatal error when expanding node in topic clustering visualization

  • Removed tooltip showing visualization name in record table

  • Fixed issue in control visualization where focus was jumping between input areas

  • Fixed error in dashboard auto-generation without time filter selected

  • Fixed error in neo4j import process where moving back to the confirm step then clicking to move to the next step would cause an error

  • The OR filter created with our CTRL feature now creates same filter as an IS ONE OF filter

  • Fixed failure in migrations of indexes from Elasticsearch 5.x due to “_all” field

  • Avoiding high radius error in heat map layer in Coordinate Map by setting maximum safe radius

  • Improvements to the data model configuration page instructions

  • Improved Gremlin server error handling in Graph Browser

  • Fixed Alert critical error when webhook returns string instead of JSON