Released: 31 July 2020 (release blog posts here)

The Siren Platform is comprised of two core components:

  • Siren Investigate, the node.js based browser application (includes the Siren Alert component).
    For those familiar with the ELK stack, this has a similar role to Kibana.
  • Elasticsearch cluster(s) in which the Siren Federate plugin has been installed
Optional components that can be added to the platform include:
  • Siren ML Docker container for machine learning capabilities
  • Siren ER (beta) Docker container for entity resolution capabilities
The platform can also connect to other datasources:
  • Databases with JDBC drivers: Download the drivers from our supported drivers list
  • Remote Elasticsearch clusters (with Federate plugin installed)

A conceptual overview of the platform

For more details please visit the product documentation

For more information about setting up the platform and Elasticsearch version compatibility, see documentation here.

For more information on connecting to remote datasources, see documentation here.


Demo/POC distributions

Siren Platform with Demo Data

Do you want to try our preloaded Siren Platform with our classic company/investor/articles demo?
Just run siren-platform-demo-data and you're up and running. Not recommended for adding new data.

Siren Platform with No Data or Security

With no security and no preloaded data, this package is perfect for quick Proofs of Concept or trying out out Siren Platform with your own data. Upload your data to the bundled Elasticsearch instance, connect to your existing cluster or connect to existing JDBC datasources, and begin seeing your data in a new light. This is the package to use when following our getting started tutorial.

Production distributions

Siren Platform

Our preconfigured Siren Platform with with an empty Main Elasticsearch Cluster and a preinstalled
Siren Investigate plugin, configured with security but without preloaded demo data.

Individual components:

Siren Investigate

This deployment contains Siren Investigate with no Elasticsearch cluster.
Connect to your own Main Elasticsearch Cluster (which means Elasticsearch plus the Siren Investigate Plugin) and also possibly to existing JDBC backends.


Siren comes as Community Edition by default. Without an additional license, the platform will run in Community Edition mode and some of the Siren platform functionality is limited or disabled.

See here for more information on pricing model and editions.

Start your unlimited trial here (or contact us here).

View Online Documentation
Download Zip

View Release Notes

Release notes:

Known issues

  • The limits that are based on the number of documents are not enforced when a user disables the ‘invert’ filter or manually edits a filter that is saved with a dashboard.

Bug fixes

  • Prevented standard users from being able to change the Siren Platform license from the Management section.

  • Prevented dashboard groups from expanding automatically when switching dashboards.

  • Prevented the dashboard sidebar from collapsing unexpectedly when switching dashboards.

  • Resolved an issue that prevented dropping a dashboard inside a dashboard group or between dashboard groups in some scenarios.

  • Resolved an issue where searches that were performed in Discover were inadvertently applied to dashboards that were bound to the same underlying index pattern search.

  • Resolved an issue that prevented users from inverting dashboard filters when editing their definition.

  • Prevented graph node counts from disappearing after expanding unrelated nodes in some scenarios.

  • Resolved an issue where a change to the dashboard filter settings did not signal a need for a recount on the Graph Browser.

  • Child searches with filters inside 360 dashboards are now handled correctly.

  • Restored the ability to set the legend positioning and customize axis labels in the Multi-Chart visualization.

  • Improved the display contrast of visualizations when a dark theme is enabled.

  • The OIDC flow is automatically restarted if the cookie with the nonce was not saved by the browser.

  • The Time Series Visual Builder visualization now works correctly with Elasticsearch 7.

  • Restored support for Font Awesome brand icons.

  • Support for long dashboard names and improved alignment of Data Model editor page in Dashboard 360.

  • Resolved issue with the color display for significant term option on the Graph Browser aggregated relations.

  • Resolved an issue that could cause the application to crash when data was not available in a visualization configured to display "other" or "missing" field counts.

  • Points no longer disappear on map clusters when zooming in.

  • Resolved usability issues with refresh count action on the Relational Navigator.

  • Resolved an issue of missing access control context for the Web Service Manager in tha Access Control UI.

  • Restored auto-completion of names in the Data Model relations list.

  • Rectified an issue that prevented loading system indices correctly on Elasticsearch 6.5.4 when using the "investigate restore" command.

  • Modified Siren Alert to create new daily indices only when an actual alarm or report is produced.

  • Improved invalid file handling in the map layers ingestion scripts.

  • Resolved the order of points in geo_polygon filters that are created by the Enhanced Coordinate Map visualization.

  • Resolved an issue with a continuously spinning indicator on Dashboard 360.

  • Resolved an issue in Dashboard 360 where a join filter from a leaf visualization was applied to the main search in certain scenarios.

  • Removed the obsolete "search" REST API endpoint from Siren Alert.

Breaking changes since version 10.5.0

* The AngularJS library is now updated to version 1.7.9 from version 1.4.8.
* Updated the EUI version from sirensolutions/eui#4.3.0-siren-patched-1 to "@elastic/eui": "22.1.0" across all Siren Platform components.
* Removed queries and the Query Viewer visualization, due to the removal of legacy data sources.
* REST data source support was removed and replaced with the new Web services feature.