Siren Platform User Guide

Installing Siren Platform

Prerequisites

The minimum hardware requirements are:

  • x64 CPU with four processing units (cores)

  • 16GB RAM

  • 10GB free SSD disk space

We support the following operating systems:

  • Microsoft Windows (64-bit)

  • Linux 2.6.32 or later (x86-64)

We support the following browsers:

  • Google Chrome

  • Mozilla Firefox

You must install one of these Java versions:

  • Oracle JDK 8

  • OpenJDK 8

Ensure that the JAVA_HOME environment variable is set to the appropriate path. To set the JAVA_HOME environment variable, follow the instructions here.

If you want to connect an external datasource by using a JDBC connector, see JDBC driver installation and compatibility.

For information about compatibility between versions of Siren Investigate, Siren Federate, and Elasticsearch, see the version compatibility matrix.

Download the Siren platform

Download Siren Platform with No Data or Security for Microsoft Windows (64-bit) or Linux 2.6.32 or later (x86-64): https://support.siren.io/support/solutions/17000079918

If you have not yet obtained a license, contact support.

Note

Without a license, some functionality is limited or switched off.

Installing Siren Platform
  1. Save the compressed file and extract it to a local directory. The folder contains three main folders:

    • docs: Contains the Siren Platform user guide in both HTML and PDF formats and the release notes.

    • elasticsearch: Contains the self-contained, single-node Siren Enhanced Elasticsearch cluster.

    • siren-investigate: Contains the Siren front-end application, which can be accessed through a web browser.

  2. Launch the two components, following the steps for your operating system.

    Windows

    1. Browse to the elasticsearch/bin folder and double-click on the Elasticsearch.bat file. A command window shows Elasticsearch messages flowing. Do not close the command window.

    2. Browse to the siren-investigate/bin folder and double-click on the investigate.bat file. A command window shows Siren Investigate messages flowing. Do not close the command window.

    Linux

    1. Open a Terminal window, change directory to the extracted folder, and run the following commands:

        cd {extracted folder}/elasticsearch
        ./bin/elasticsearch

       The Terminal window shows Elasticsearch messages flowing. Do not close the Terminal window.

    2. Open a new Terminal window, change directory to the extracted folder, and run the following commands:

        cd {extracted folder}/siren-investigate
        ./bin/investigate

    The installation is complete when you see the message “Siren Gremlin Server is up and running” in the log window.

  3. Open a web browser and navigate to http://localhost:5606.

Relaunching Siren Platform

If your session is interrupted and you need to relaunch Siren Investigate, repeat steps 2-3 of the above procedure.

Installing Siren Platform as a Windows service

Install Elasticsearch as a Windows service
  1. Copy the elasticsearch folder and its contents from the ZIP archive you downloaded to your Program Files folder.

  2. Edit the elasticsearch.yml file in the %ProgramFiles%\elasticsearch\config folder.

  3. In the Path section, enter the data and log paths, for example:

    path.data: C:\Program Files\elasticsearch\data
    path.logs: C:\Program Files\elasticsearch\logs
  4. In the Network section, change network.host to 127.0.0.1 and save the file. Binding to 127.0.0.1 keeps Elasticsearch reachable only from this machine; do not bind it to a routable address unless access to it is otherwise authenticated and restricted.

  5. From the command prompt, enter:

    cd %ProgramFiles%\elasticsearch
    bin\elasticsearch-service install
  6. Open the Services management console (you can enter services.msc at the command prompt).

  7. Locate the Elasticsearch service and change Startup Type to Automatic.

  8. Right-click the service and select Start.

Install Siren Investigate as a Windows service

Installing Siren Investigate as a service with Windows requires use of the third-party tool NSSM (https://nssm.cc/download). Because it configures services, anti-virus software may identify it as "riskware". However, an SHA checksum and source code are provided. Before running the downloaded nssm.exe, compare its checksum with the published one, for example with certutil -hashfile nssm.exe SHA256 at a command prompt or Get-FileHash in PowerShell. The Microsoft File Checksum Integrity Verifier (https://www.microsoft.com/en-us/download/details.aspx?id=11533) also works but computes only MD5 and SHA-1, so use it only if the published checksum is one of those.

  1. Copy the siren-investigate folder and its contents from the Siren platform ZIP archive you downloaded to your %ProgramFiles% folder.

  2. Copy the nssm.exe program from the win64 folder in the NSSM ZIP archive you downloaded to the %ProgramFiles%\siren-investigate\bin folder.

  3. Set the INVESTIGATE_HOME environment variable to %ProgramFiles%\siren-investigate.

  4. From the command prompt, enter %ProgramFiles%\siren-investigate\bin\nssm install "Siren Investigate".

  5. In the Application Path box, enter %ProgramFiles%\siren-investigate\bin\investigate.bat.

  6. In the Startup directory box, enter %ProgramFiles%\siren-investigate.

  7. On the Details tab, in the Display name box, enter Siren Investigate.

  8. On the Dependencies tab, in the box enter elasticsearch-service-x64 (the service name registered by elasticsearch-service install), so that Siren Investigate starts only after Elasticsearch.

  9. Click Install service.

  10. Open the Services management console (you can enter services.msc at the command prompt).

  11. Locate the Siren Investigate service, right-click it and select Start.

Installing Siren Platform as a Linux service

Install Elasticsearch as a Linux service
  1. Create a system user for the service, for example adduser --system elasticsearch (on RPM-based distributions, useradd -r elasticsearch).

  2. Copy the elasticsearch folder and its contents from the ZIP archive you downloaded to the /opt folder and then set the permissions for the system user, for example sudo chown -R elasticsearch /opt/elasticsearch

  3. Edit the elasticsearch.yml file in the /opt/elasticsearch/config folder.

  4. In the Path section, enter the data and log paths, for example:

    path.data: /opt/elasticsearch/data
    path.logs: /opt/elasticsearch/logs
  5. In the Network section, change network.host to 127.0.0.1 and save the file. Binding to 127.0.0.1 keeps Elasticsearch reachable only from this machine; do not bind it to a routable address unless access to it is otherwise authenticated and restricted.

  6. From the command prompt, as root enter:

    cat <<EOF >/opt/elasticsearch.environment
    ES_JAVA_OPTS="-Xms4g -Xmx4g"
    EOF
    
    cat <<EOF >/etc/systemd/system/elasticsearch.service
    [Unit]
    Description=Elasticsearch (Siren)
    After=network.target auditd.service
    
    [Service]
    WorkingDirectory=/opt/elasticsearch
    EnvironmentFile=-/opt/elasticsearch.environment
    ExecStart=/opt/elasticsearch/bin/elasticsearch
    KillMode=process
    Restart=on-failure
    RestartPreventExitStatus=255
    Type=simple
    User=elasticsearch
    LimitMEMLOCK=infinity
    LimitNOFILE=65536
    
    [Install]
    WantedBy=multi-user.target
    Alias=elasticsearch.service
    EOF
    
    echo "vm.max_map_count = 262144" > /etc/sysctl.d/99-elasticsearch.conf
    sysctl -p /etc/sysctl.d/99-elasticsearch.conf
    ln -s ../elasticsearch.service /etc/systemd/system/multi-user.target.wants/
    systemctl daemon-reload
    systemctl start elasticsearch
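The following script is an added example and is not part of the Siren guide or the Siren distribution. It turns the prerequisites (Java 8 and JAVA_HOME) and the Elasticsearch service steps above into checks that can be run before the service is started for the first time: it parses the java -version banner, verifies vm.max_map_count, confirms the service user exists, and refuses any elasticsearch.yml whose network.host (or bind_host, http.host, transport.host) names a non-loopback address. The paths /opt/elasticsearch and the user name elasticsearch are the guide's; the function names, the ES_HOME and ES_USER variables and the --check flag are this script's own assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the Siren guide: pre-flight checks for the
# single-node Elasticsearch service. Paths and the service user name
# follow the guide; the function names and the --check flag are this
# script's own.
set -euo pipefail

ES_HOME="${ES_HOME:-/opt/elasticsearch}"
ES_USER="${ES_USER:-elasticsearch}"

# Print the Java major version from a `java -version` banner on stdin:
# "1.8.0_292" -> 8, "11.0.2" -> 11. Prints nothing if no version line is found.
java_major_version() {
    awk -F'"' '/version/ { split($2, v, "."); maj = (v[1] == "1") ? v[2] : v[1]; print maj; exit }'
}

# vm.max_map_count must be at least 262144 for Elasticsearch to start.
# Takes the value as $1 so it can be checked without reading the live kernel.
check_max_map_count() {
    local have="${1:-$(sysctl -n vm.max_map_count)}"
    [ "$have" -ge 262144 ]
}

# Values of network.host that keep the node reachable from this machine only.
is_loopback() {
    case "$1" in
        127.0.0.1|::1|localhost|_local_) return 0 ;;
        *) return 1 ;;
    esac
}

# Fail if any host-binding key in elasticsearch.yml names a non-loopback
# address. Handles the flat "key: value" and "key: [a, b]" forms the guide
# uses, not nested YAML. A file without network.host is accepted because the
# Elasticsearch default is loopback.
check_es_binding() {
    local yml="$1" rc=0 line key value v
    while IFS= read -r line || [ -n "$line" ]; do
        line="${line%%#*}"                     # drop comments
        case "$line" in
            network.host:*|network.bind_host:*|http.host:*|transport.host:*)
                key="${line%%:*}"
                value="${line#*:}"
                # strip list brackets and quotes, turn commas into spaces
                value="$(printf '%s' "$value" | tr -d '[] "' | tr -d "'" | tr ',' ' ')"
                for v in $value; do
                    if ! is_loopback "$v"; then
                        echo "UNSAFE: $key=$v in $yml would accept remote connections" >&2
                        rc=1
                    fi
                done
                ;;
        esac
    done < "$yml"
    return "$rc"
}

# Run every check against the live system; a non-zero exit means do not start
# the service yet.
preflight() {
    local ok=0 major
    [ -n "${JAVA_HOME:-}" ] || { echo "JAVA_HOME is not set" >&2; ok=1; }
    major="$("${JAVA_HOME:-/usr}/bin/java" -version 2>&1 | java_major_version)" || major=""
    [ "$major" = "8" ] || { echo "Java 8 required, found major version '${major:-none}'" >&2; ok=1; }
    check_max_map_count || { echo "vm.max_map_count is below 262144" >&2; ok=1; }
    id -u "$ES_USER" >/dev/null 2>&1 || { echo "service user $ES_USER does not exist" >&2; ok=1; }
    check_es_binding "$ES_HOME/config/elasticsearch.yml" || ok=1
    return "$ok"
}

if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

Run it as root with the --check flag after step 5 and before systemctl start elasticsearch; the binding check is the one that matters most, because a node bound to 0.0.0.0 in this bundle is reachable by anyone who can open a TCP connection to port 9200.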
Install Siren Investigate as a Linux service
  1. Create a system user for the service, for example adduser --system siren (on RPM-based distributions, useradd -r siren).

  2. Copy the siren-investigate folder and its contents from the ZIP archive you downloaded to the /opt folder and then set the permissions for the system user, for example sudo chown -R siren /opt/siren-investigate.

  3. From the command prompt, as root enter:

    cat <<EOF >/etc/systemd/system/siren.service
    [Unit]
    Description=Siren Investigate
    After=network.target auditd.service
    
    [Service]
    WorkingDirectory=/opt/siren-investigate
    EnvironmentFile=-/opt/siren.environment
    ExecStart=/opt/siren-investigate/bin/investigate
    KillMode=process
    Restart=on-failure
    RestartPreventExitStatus=255
    Type=simple
    User=siren
    
    [Install]
    WantedBy=multi-user.target
    Alias=siren.service
    EOF
    
    ln -s ../siren.service /etc/systemd/system/multi-user.target.wants/
    systemctl daemon-reload
    systemctl start siren
Test your connection

In your browser, navigate to http://localhost:5606/status. If the Elasticsearch and Siren Investigate services are running, the sign in screen is displayed.
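The following script is an added example and is not part of the Siren guide or the Siren distribution. It complements the browser check above with a command-line one: it inspects the listening sockets to confirm that Elasticsearch is reachable only on loopback, then queries the Elasticsearch cluster health endpoint and the Siren Investigate status URL. It assumes ss from iproute2 and curl are installed; port 5606 is the guide's, 9200 and 9300 are the Elasticsearch HTTP and transport defaults, and the function names and the --check flag are this script's own.

```shell
#!/usr/bin/env bash
# Added example, not from the Siren guide: confirm the running stack answers
# locally and that Elasticsearch listens on loopback only. Assumes iproute2
# (ss) and curl; function names and the --check flag are this script's own.
set -euo pipefail

# Read `ss -ltn` output on stdin and print, as host:port, every listening
# socket on one of the given ports whose local address is not loopback.
# Empty output means nothing on those ports is reachable from other machines.
exposed_listeners() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            k = split($4, f, ":"); port = f[k]            # port is after the last colon
            host = substr($4, 1, length($4) - length(port) - 1)
            if (!(port in want)) next
            if (host ~ /^127\./ || host == "[::1]" || host == "localhost") next
            print host ":" port
        }'
}

check_stack() {
    local bad
    bad="$(ss -ltn | exposed_listeners "9200 9300")"
    if [ -n "$bad" ]; then
        echo "Elasticsearch accepts remote connections on: $bad (expected loopback only)" >&2
        return 1
    fi
    # Single-node cluster health; green or yellow is fine for one node.
    curl -fsS 'http://127.0.0.1:9200/_cluster/health?pretty'
    # The UI answers once "Siren Gremlin Server is up and running" has been logged.
    curl -fsS -o /dev/null -w 'Siren Investigate /status -> HTTP %{http_code}\n' \
        'http://localhost:5606/status'
}

if [ "${1:-}" = "--check" ]; then
    check_stack
fi
```

Run it with --check once both services report as started; a non-zero exit and an "accepts remote connections" message means network.host in elasticsearch.yml was not changed to 127.0.0.1 as the service steps require.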

Next steps

Import data either by using Logstash, by connecting to JDBC datasources, or by uploading Excel or CSV files.