Introduction to Siren Platform

Welcome to the documentation for Siren Platform version 11.0.

You can select a previous version by using the dropdown menu in the navigation bar. To access all previous versions, go to www.docs.siren.io.

What is investigative intelligence?

Sometimes, the answer to a specific question is simple. However, the investigative process that is used to find that answer is often complex and unique to that single investigation.

While business intelligence, enterprise search, link analysis (in a knowledge graph), and log or stream searching and alerting are useful for completing specific tasks, Siren Platform combines all of these methods to answer new questions.

Siren Platform investigative intelligence

Architectural overview

Siren Platform comprises two main elements and several add-on modules and integrations.

  • - Siren Investigate: A browser-based visualization tool that provides powerful graphical and analytical capabilities.

  • - Siren Federate: A plug-in that is installed in an Elasticsearch cluster to form the Siren Investigate back-end system.

Add-on modules:

  • - Siren ER (beta): An artificial intelligence (AI) component that enables entity resolution. Entity resolution is the ability to recognize that two or more separate records in the data are referring to the same real-world entity.

  • - Siren ML: A deep, learning-powered AI that provides two main capabilities; predictive analytics with alerting, and time series anomaly detection.

  • - Siren NLP (beta): A plug-in that adds pipeline operators to perform Natural Language Processing on data ingestion.

Integrations:

  • - Jira plugin (beta): The Jira plugin allows you to connect Siren Investigate to a Jira cloud or server instance. You can keep track of assigned tickets and export dashboard information as attachments to the tickets, directly from Siren Investigate.

  • - IBM® i2® Analyst’s Notebook plugin (beta): The i2 plugin allows you to save the graph that is currently displayed in the Graph Browser with all lenses applied and download it as an ANB graph file, which is compatible with IBM i2 Analyst’s Notebook.

The following diagram shows the relationship between the components:

Siren Platform architecture

In this diagram, the Siren Investigate front-end system connects to the Elasticsearch back-end system, where the Siren Federate plug-in is installed.

The back-end system, in turn, can connect to JDBC datasources (SQL or NoSQL) and to other Elasticsearch clusters or Web services.

An Associative Data Model is used to turn tables into a knowledge graph by specifying relations between datasets and, in doing so, drives the user experience.

Siren NLP is provided as an Elasticsearch plug-in, while Siren ML and Siren ER are Dockers that communicate with the main Siren Platform through their APIs.

You can download the plug-ins from Siren Support Portal.

Virtualizing data from multiple back-end systems

Another way of understanding the architecture is taking the point of view of an analyst.

When an analyst sees records in a dashboard or in the knowledge graph, these records are coming from any of the following sources:

  • The Elasticsearch back-end system, as a native index that is managed externally from Siren Platform. For example, a set of logs that are streaming into the system, continuously.

  • Elasticsearch, but imported directly by the user, such as by uploading a .csv file.

  • Elasticsearch, as part of a Web service invocation, which automatically loads response data into the cluster.

  • Elasticsearch, as part of reflection jobs, which pull tables or slices of remote JDBC data into Elasticsearch, either periodically or as one-off jobs.

  • Directly from remote datasources, thanks to the Siren Platform virtualization capability, which makes remote JDBC tables look like virtual Elasticsearch indexes with no need for an extract-transform-load (ETL) process.

Siren Investigate architecture

Now that you have a picture of Siren Platform and its architecture, it’s time to get started.