Released: 26 May 2020 (release blog posts here)

The Siren Platform is comprised of two core components:

  • Siren Investigate, the node.js based browser application (includes the Siren Alert component).
    For those familiar with the ELK stack, this has a similar role to Kibana.
  • Elasticsearch cluster(s) in which the Siren Federate plugin has been installed
Optional components that can be added to the platform include:
  • Siren ML Docker container for machine learning capabilities
  • Siren ER (beta) Docker container for entity resolution capabilities
The platform can also connect to other datasources:
  • Databases with JDBC drivers: Download the drivers from our supported drivers list
  • Remote Elasticsearch clusters (with Federate plugin installed)

A conceptual overview of the platform

For more details please visit the product documentation

For more information about setting up the platform and Elasticsearch version compatibility, see documentation here.

For more information on connecting to remote datasources, see documentation here.


Demo/POC distributions

Siren Platform with Demo Data

Do you want to try our preloaded Siren Platform with our classic company/investor/articles demo?
Just run siren-platform-demo-data and you're up and running. Not recommended for adding new data.

Siren Platform with No Data or Security

With no security and no preloaded data, this package is perfect for quick Proofs of Concept or trying out out Siren Platform with your own data. Upload your data to the bundled Elasticsearch instance, connect to your existing cluster or connect to existing JDBC datasources, and begin seeing your data in a new light. This is the package to use when following our getting started tutorial.

Production distributions

Siren Platform

Our preconfigured Siren Platform with with an empty Main Elasticsearch Cluster and a preinstalled
Siren Investigate plugin, configured with security but without preloaded demo data.

Individual components:

Siren Investigate

This deployment contains Siren Investigate with no Elasticsearch cluster.
Connect to your own Main Elasticsearch Cluster (which means Elasticsearch plus the Siren Investigate Plugin) and also possibly to existing JDBC backends.


Siren comes as Community Edition by default. Without an additional license, the platform will run in Community Edition mode and some of the Siren platform functionality is limited or disabled.

See here for more information on pricing model and editions.

Start your unlimited trial here (or contact us here).

View Online Documentation
Download Zip

View Release Notes

Release notes:

New features and improvements

Product compatibility

  • Introducing compatibility with Elasticsearch version 7.x. You can use Siren Investigate with the latest version of Elasticsearch that is supported by the Siren Federate plug-in.

Improved performance

  • To improve system performance, the Web app bundle size is reduced and Siren Platform now employs more efficient dashboard rendering. This enhancement speeds up a typical dashboard-switching scenario by several seconds.

  • New ability to set limits on searches, which prompts the user with a warning before they configure large joins or set broad filters.

  • Back-end performance improvements for large, multi-index, multi-shard settings.

New look interface

  • The user interface has a new look, which provides a more cohesive experience as you navigate the modules.

New core features

  • Web services: You can now dynamically retrieve data from external APIs. This data can be stored in Elasticsearch and relationally linked to your existing data. Siren Platform includes examples of commonly-used Web services, such as Webhose, JsonWhois, and Twitter. Additionally, follow our documentation to create your own Web service driver for other APIs. Web services can form part of your graph scripts, dashboard scripts, alerting scripts, or your new visual components.

  • Scripting API: You can now automate workflows and create ad-hoc visualizations by using a layer of scriptable JavaScript.

  • Natural Language Processing (beta): The Siren NLP plug-in provides an out-of-the-box Elasticsearch ingestion pipeline with a variety of processors for enriching documents with entity extraction. It can enrich text fields with predefined taxonomies and annotation for named entities, such as organization, person, or location.

  • JDBC/ODBC drivers: In collaboration with CDATA, a featured SQL driver is now available for Siren Platform. The drivers allow custom data exports for use in scripts and integrations.

Updates to maps

  • Loading map layers from Elasticsearch: The Enhanced Coordinate Map visualization now allows you to load map references that are stored in Elasticsearch indexes into pre-defined spatial groups. You can add multiple layers of shapes and points of interest (POI), set properties for each layer, and arrange and activate them, dynamically, at the dashboard level.

  • Siren supports advanced positioning use cases, by making the following enhancements:

    • The Graph Browser can now be used as a “tracker map” to track the movements of entities, both historically and by using live updates.

    • Example scripts are provided to trace contact between individuals. Other proximity use cases are available in the dashboard

Updates to graphs

  • A new Cards tab is available in the Graph Browser. Graph cards are selection-dependent visualizations that can be configured for many purposes. When you select nodes, the out-of-the-box cards display a neat summary of specific field values and allow you to quickly select a subset.

  • Numbers in the graph now change instantly as you change the relations that are active in the sidebar. Numbers can also be easily refreshed.

  • A new common communicator graph algorithm allows you to find nodes that act as communicators between 3 or more other nodes.

Updates to alerts

  • Improvements to versioning, configuration, and editing.

Breaking Changes

  • AngularJS library is now updated to version 1.7.9 from version 1.4.8.

  • Updated the EUI Library from the Siren custom version sirensolutions/eui#4.3.0-siren-patched-1 to "@elastic/eui": "22.1.0" across the entire Siren ecosystem.

  • Removed queries and the Query Viewer visualization due to the removal of old data sources.

  • REST data source support was removed and replaced with the new Web services feature.

Known Issues

  • Issues in expensive query limit feature:

    • Changing time above limits and navigating away can cause unexpected behaviour.

    • The number of document limits should work when a user disables the ‘invert’ filter or edits by hand a filter that is saved with a dashboard but currently does not work as expected.

Bug Fixes

  • Addressed issue with visual builder giving an "Invalid Interval error" when changing the interval value.

  • Improved the responsiveness of the icon picker for the dashboard, dashboard groups, and index pattern searches.

  • Addressed an issue where changing the timeline in the graph browser multiple times in rapid succession would not update the layout.

  • Improved the automatic sizing of nodes in the graph browser.

  • Saved objects validation no longer verifies the existence of remote indices.

  • Addressed an issue where index data was not immediately visible in the data model page after creating a new index pattern.

  • Addressed an issue where it was not possible to fix an index pattern search that points to a missing index without disabling the saved objects validation.

  • Fixed a regression that caused a normal barchart series to appear as stacked.

  • Addressed an issue that prevented assigning a label through lenses to grouped nodes.

  • Siren now prevents the automatic download of Chromium when launching Investigate on Windows.

  • Addressed an issue that caused an error to be displayed when switching quickly between two dashboards that contain a graph browser.

  • Addressed errors that displayed in the graph browser when expanding nodes in a data model with a very high number of relations.

  • Addressed an issue in date fields processing when adding nodes from heterogeneous index pattern searches to the graph browser.

  • Addressed issue the inability to remove relations linked to the same entity type.

  • Addressed issue when calculating counts on relational buttons that are linked with virtual index.

  • Resolved the the inability to add nodes from a remote elasticsearch to the graph browser.

  • Resolved issue related to unreliable behaviour using force recount on the graph.

  • Addressed related to display of date picker in Dashboard 360 time filter.

  • Addressed issue of Dashboard 360 filter strategy not being persisted.

  • Addressed problems when changing an index pattern search from "time based" in datamodel.

  • Resolved issues related to display of filter state on the dashboard menu.

  • Resolved issues related to the display format of date in the graph browser tooltips and sidebar.