Released: 15 June 2020 (release blog posts here)

The Siren Platform is comprised of two core components:

  • Siren Investigate, the node.js based browser application (includes the Siren Alert component).
    For those familiar with the ELK stack, this has a similar role to Kibana.
  • Elasticsearch cluster(s) in which the Siren Federate plugin has been installed
Optional components that can be added to the platform include:
  • Siren ML Docker container for machine learning capabilities
  • Siren ER (beta) Docker container for entity resolution capabilities
The platform can also connect to other datasources:
  • Databases with JDBC drivers: Download the drivers from our supported drivers list
  • Remote Elasticsearch clusters (with Federate plugin installed)

A conceptual overview of the platform

For more details please visit the product documentation

For more information about setting up the platform and Elasticsearch version compatibility, see documentation here.

For more information on connecting to remote datasources, see documentation here.


Demo/POC distributions

Siren Platform with Demo Data

Do you want to try our preloaded Siren Platform with our classic company/investor/articles demo?
Just run siren-platform-demo-data and you're up and running. Not recommended for adding new data.

Siren Platform with No Data or Security

With no security and no preloaded data, this package is perfect for quick Proofs of Concept or trying out out Siren Platform with your own data. Upload your data to the bundled Elasticsearch instance, connect to your existing cluster or connect to existing JDBC datasources, and begin seeing your data in a new light. This is the package to use when following our getting started tutorial.

Production distributions

Siren Platform

Our preconfigured Siren Platform with with an empty Main Elasticsearch Cluster and a preinstalled
Siren Investigate plugin, configured with security but without preloaded demo data.

Individual components:

Siren Investigate

This deployment contains Siren Investigate with no Elasticsearch cluster.
Connect to your own Main Elasticsearch Cluster (which means Elasticsearch plus the Siren Investigate Plugin) and also possibly to existing JDBC backends.


Siren comes as Community Edition by default. Without an additional license, the platform will run in Community Edition mode and some of the Siren platform functionality is limited or disabled.

See here for more information on pricing model and editions.

Start your unlimited trial here (or contact us here).

View Online Documentation
Download Zip

View Release Notes

Release notes:

Known Issues

  • The number of document limits does not work as expected when a user disables the ‘invert’ filter or manually edits a filter that is saved with a dashboard.

Bug Fixes

  • Addressed an issue with the Record Table not flattening nested JSON. Now, nested fields can be added as columns.

  • Addressed a critical issue when adding a search to dashboard 360.

  • Addressed an issue with the dashboard filter disappearing when edit mode was opened, but the filter was not edited.

  • Addressed an issue with the blank list of saved objects in the Management page.

  • Addressed an issue with the time filter not being removed when turning off timeline mode.

  • Addressed an issue when adding nodes to the dashboard 360 model.

  • Addressed an issue with the graph browser’s ‘select by edge count’ not working when nodes are not visible.

  • Addressed the display of the data model subtitle text wrap within container.

  • Addressed the issues related to the time series visual builder not working in 10.5.0.

  • Improvements to the reliability of the drag-and-drop function when moving items onto the graph browser and map components.

  • Improvement to the relation and entity identifier dependency resolution on dashboard export.

  • Improvements to the geoLoad script to allow geohash aggregations by using the geo_point field type instead of the geo_shape field type.

  • Addressed the unexpected behaviour when changing time above limits and navigating away in the expensive query limit feature.

  • Addressed the issues with the tooltip display on the graph browser nodes.

  • Addressed an issue with the scatter plot visualization not working for Any Aggregator Data or Filter Aggregator Data configuration options.

10.5.0 Reminder of Breaking Changes

  • AngularJS library is now updated to version 1.7.9 from version 1.4.8.

  • Updated the EUI Library from the Siren custom version, sirensolutions/eui#4.3.0-siren-patched-1, to "@elastic/eui": "22.1.0" across the entire Siren ecosystem.

  • Removed queries and the Query Viewer visualization, due to the removal of old data sources.

  • REST data source support was removed and replaced with the new Web services feature.