Self-hosted SIEM platform that scores every event across 6 security criteria using LLMs, maps threats to MITRE ATT&CK, and filters all PII before it reaches the AI. Deploy in 5 minutes. Run for $2/month.
PII is filtered before any data reaches the LLM. 11 built-in masking categories (IPs, emails, credentials, etc.), custom regex patterns, and full field stripping. Verify with a live test filter.
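The masking step described above, as an added illustration that is not the project's own code: a small pre-LLM filter with a few of the built-in categories (IPv4, email, credential values), a hook for custom regex patterns, whole-field stripping, and a residual-match check of the kind the "live test filter" would run over the output. Category names, placeholder tokens and the sample events are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Assumed built-in categories (the real product lists 11). Each entry is a compiled
# pattern plus a replacement; the credential rule keeps the key name and masks only
# the secret so the LLM still sees *what* was set, never the value.
BUILTIN_PATTERNS = {
    "credential": (re.compile(r"(?i)\b(password|passwd|pwd|token|api[_-]?key)(\s*[=:]\s*)\S+"),
                   r"\1\2<CREDENTIAL>"),
    "email": (re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), "<EMAIL>"),
    # Deliberately loose: it also catches version-like strings, which errs on the
    # side of over-masking rather than leaking a real address.
    "ipv4": (re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "<IPV4>"),
}


@dataclass
class MaskResult:
    data: object            # masked string or dict
    counts: dict            # category -> number of replacements / strips


class PIIFilter:
    """Masks string content and strips whole fields before an event is sent to an LLM."""

    def __init__(self, custom_patterns=None, strip_fields=()):
        self.patterns = dict(BUILTIN_PATTERNS)
        for name, regex in (custom_patterns or {}).items():
            # Custom rules use a generic placeholder derived from the rule name.
            self.patterns[name] = (re.compile(regex), f"<{name.upper()}>")
        self.strip_fields = set(strip_fields)

    def mask_text(self, text: str) -> MaskResult:
        counts = {}
        for name, (pattern, repl) in self.patterns.items():
            text, n = pattern.subn(repl, text)
            if n:
                counts[name] = counts.get(name, 0) + n
        return MaskResult(text, counts)

    def mask_event(self, event: dict) -> MaskResult:
        counts, out = {}, {}
        for key, value in event.items():
            if key in self.strip_fields:
                counts["stripped"] = counts.get("stripped", 0) + 1
                continue                      # field never reaches the model
            if isinstance(value, str):
                r = self.mask_text(value)
            elif isinstance(value, dict):
                r = self.mask_event(value)    # nested structured events
            else:
                out[key] = value
                continue
            out[key] = r.data
            for k, n in r.counts.items():
                counts[k] = counts.get(k, 0) + n
        return MaskResult(out, counts)

    def residual_matches(self, text: str) -> list:
        """Verification pass: which categories still match the masked output?"""
        return [name for name, (pattern, _) in self.patterns.items() if pattern.search(text)]


def demo():
    # Constructed sample event, not real data.
    event = {
        "message": "Failed password for root from 203.0.113.45 port 52311 ssh2",
        "contact": "alice@example.com",
        "raw": "api_key=sk-constructed-example",
        "host": "web-01",
        "nested": {"note": "reset token: abc123"},
    }
    f = PIIFilter(custom_patterns={"hostname": r"\bweb-\d+\b"}, strip_fields=("raw",))
    return f.mask_event(event)


if __name__ == "__main__":
    result = demo()
    print(result.data)
    print(result.counts)
```

Run the masked output through `residual_matches` as the last step before the LLM call; an empty list is the condition the filter test should assert on, and a non-empty one means a pattern needs tightening or a field needs stripping.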
Every event is evaluated by an LLM across IT Security, Performance, Failure Prediction, Anomaly Detection, Compliance, and Operational Risk. Each criterion uses a dedicated, tunable prompt.
AI findings carry optional technique IDs and confidence scores, mapped to the MITRE ATT&CK framework. Go from raw log to threat classification automatically.
Sliding-window pipeline aggregates scores into structured findings with deduplication (TF-IDF + Jaccard + LLM), severity decay, and auto-resolution when issues stop recurring.
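The deduplication, severity decay and auto-resolution mechanics described above, as an added example that is not the project's pipeline code: incoming findings are merged into an existing open finding when the Jaccard similarity of their title tokens exceeds a threshold (the TF-IDF and LLM stages of the page's three-stage dedup are omitted here), severity decays exponentially from the last sighting with a configurable half-life, and a sweep resolves findings that have gone quiet long enough and decayed far enough. Thresholds, half-life and the sample titles are assumptions for this example.

```python
import re
from dataclasses import dataclass


def tokens(text: str) -> set:
    """Lower-cased alphanumeric tokens used for set-based similarity."""
    return set(re.findall(r"[a-z0-9_]+", text.lower()))


def jaccard(a: set, b: set) -> float:
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


@dataclass
class Finding:
    title: str
    peak_severity: float   # highest severity seen; decay is computed from this
    last_seen: float       # unix seconds of the most recent matching event
    occurrences: int = 1
    resolved: bool = False


class FindingStore:
    def __init__(self, similarity_threshold=0.5, half_life_s=3600.0,
                 resolve_after_s=7200.0, resolve_below=3.0):
        self.findings = []
        self.similarity_threshold = similarity_threshold
        self.half_life_s = half_life_s
        self.resolve_after_s = resolve_after_s
        self.resolve_below = resolve_below

    def ingest(self, title: str, severity: float, now: float) -> Finding:
        """Merge into the most similar open finding, or open a new one."""
        new_tokens = tokens(title)
        best, best_sim = None, 0.0
        for f in self.findings:
            if f.resolved:
                continue                  # resolved findings never absorb new events
            sim = jaccard(tokens(f.title), new_tokens)
            if sim > best_sim:
                best, best_sim = f, sim
        if best is not None and best_sim >= self.similarity_threshold:
            best.occurrences += 1
            best.last_seen = now
            best.peak_severity = max(best.peak_severity, severity)
            return best
        f = Finding(title=title, peak_severity=severity, last_seen=now)
        self.findings.append(f)
        return f

    def current_severity(self, f: Finding, now: float) -> float:
        """Exponential decay: severity halves every half_life_s since last sighting."""
        age = max(0.0, now - f.last_seen)
        return f.peak_severity * 0.5 ** (age / self.half_life_s)

    def sweep(self, now: float) -> list:
        """Auto-resolve findings that stopped recurring and have decayed below the floor."""
        resolved = []
        for f in self.findings:
            if f.resolved:
                continue
            quiet_for = now - f.last_seen
            if quiet_for >= self.resolve_after_s and self.current_severity(f, now) < self.resolve_below:
                f.resolved = True
                resolved.append(f)
        return resolved


if __name__ == "__main__":
    store = FindingStore()
    a = store.ingest("Repeated failed SSH logins for root from single host", 8.0, 0.0)
    store.ingest("Failed SSH logins for root from host web-01", 7.0, 60.0)
    store.ingest("Docker container restart loop detected", 5.0, 120.0)
    print(len(store.findings), a.occurrences, store.current_severity(a, 3660.0))
    print([f.title for f in store.sweep(7261.0)])
```

Keeping `peak_severity` fixed and computing the decayed value on demand means repeated sweeps at the same timestamp are idempotent; a merge resets the clock by updating `last_seen`, which is what keeps a still-recurring issue from quietly resolving itself.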
Natural language queries over your entire event history. Ask "Were there failed SSH logins last night?" or "Summarize Docker issues from the past week." Persistent chat history.
Template deduplication, score caching, severity pre-filtering, batch sizing, and 12 more techniques reduce LLM costs by 80-95%. Real-time usage tracking per model and system.
RBAC with 20 permissions, immutable audit log (PostgreSQL trigger), bcrypt auth, session hashing, API key scopes with IP allowlists, OWASP Top 10 compliant.
Works with OpenAI, Azure, Ollama, LM Studio, vLLM — any OpenAI-compatible API. Swap models from the UI without redeployment. Self-host for air-gapped environments.
Syslog (UDP/TCP), OpenTelemetry, Fluent Bit, Vector, Logstash, Beats. Pull connectors for Elasticsearch, Loki, VictoriaLogs, Kafka, RabbitMQ. Auto-discovery of new sources.
No multi-hour setup. No YAML editing. Docker up in 5 minutes with full GUI configuration. Plus LLM-powered analysis that Wazuh doesn't have.
No feature-gated enterprise tier. Everything is free and open-source under MIT. AI analysis included, not an expensive add-on.
Built-in AI scoring and findings pipeline. No need to build detection rules, dashboards, or alerting from scratch. Connect Elasticsearch as a hybrid data source.
Self-hosted, no per-GB pricing, no vendor lock-in. AI analysis runs on any LLM provider you choose — including your own hardware.