Built by Incident Responders

A SIEM for Security Enthusiasts, Startups, Growing Teams, and Enterprises

A lightweight, AI-powered security event platform. Rust + ClickHouse performance. Predictable pricing. No per-GB surprises.

Query editor (demo)

    source_type=sysmon
    where risk > 50
    table user, cmd

Results timeline: 847 events

    10:42  powershell.exe
    10:41  cmd.exe /c whoami
    10:40  suspicious.dll

Tags shown: rare; first_seen: now; risk; user: jsmith

AI Ready: "summarize..."

Why nano

What makes us different

Most SIEMs share infrastructure between tenants and charge by the GB. We don't do either.

0.8s avg query time
Speed

Sub-second search over billions of events

Built on ClickHouse columnar storage and a Rust backend. Queries that take minutes elsewhere finish in under a second.

99% uptime SLA
Reliability

Always on when it matters most

Kubernetes-native with health checks, auto-restarts, and horizontal scaling. Backed by a contractual uptime guarantee.

0 shared resources
Dedicated Tenancy

Your infrastructure. Not a shared cluster.

Every tenant gets isolated compute, storage, and network policies. No noisy neighbors. No shared infrastructure. On every plan.

Built-in AI Engine

Meet pivt AI

An AI engine woven into every surface of nano — from writing detections to investigating incidents. It understands security, not just syntax.

Detection

Writes production-ready detection rules from plain English threat descriptions

Investigation

Summarizes alerts, suggests pivots, and explains anomalies in context

Parsing

Generates log parsers from raw samples — no regex required

Search

Translates natural language questions into optimized queries instantly

AI-Powered Features

AI that actually helps

Generate detection rules, parsers, and queries from plain English. Our AI assistant understands security, not just syntax.

AI Query Creator

Describe what you're looking for. Get the query instantly.

AI Parser Generator

Drop in a log sample. Get a working parser. No regex headaches.

AI Investigation Assistant

Summarize findings, suggest pivots, explain anomalies.

AI Detection Writer

Describe the threat. Get a production-ready detection rule.

Lightning-Fast Search

ClickHouse speed. Rust reliability.

Queries that take minutes elsewhere finish in seconds. Powered by ClickHouse columnar storage and a Rust backend that doesn't break.

Familiar piped query language — no new syntax to learn

    source_type=proxy user=jsmith
    earliest=-24h
    stats count, sum(bytes_out) as total_bytes by dest_host
    where count > 100
    sort -total_bytes

Search: 14.2 events
Query time: 0.847s
Powered by: Rust backend, async I/O, batched writes

Detection Pipeline

Detect in real-time. Or on schedule.

Sub-30-second detection with materialized views for simple IOCs. Complex correlations run on flexible schedules. Test rules in staging before they alert.

Pipeline diagram (demo):

Events: powershell.exe, starts after a download
Rules (2/3): Detect powershell; Launched by office_apps; By user: jsmith
Real-time: Suspicious login; Malware execution; Privilege escalation
Scheduled (cron): Scheduled audit; Periodic check; Daily scan
Evaluate (2/2): Encoded command; New user session
Alert: 85%, user behavior matches

Materialized Views

Real-time detection, sub-30s latency

Staging Mode

Test rules before they fire alerts

MITRE Mapping

Auto-tagged with ATT&CK techniques

Risk Accumulation

Entity risk scores that decay over time

Prevalence & Threat Hunting

Rare = interesting

Prevalence tracking out of the box. Instantly see what's rare, what's first-seen, and what deserves attention. Filter by prevalence right in your queries.

Prevalence Radar (HUNT-READY)

    dest_host            hosts   prevalence status
    sketchy-domain.xyz   3       UNCOMMON
    evil-c2-server.ru    1       RARE
    google.com           847     COMMON
    microsoft.com        621     COMMON

Query

    source_type=proxy user=jsmith
    earliest=-24h
    prevalence window=7d enrich=true
    where host_count < 5
    where is_rare=true
    table dest_host, host_count,

Log Ingestion

Parsers without the pain

50+ out-of-the-box parsers for common log sources. Need a custom one? Paste a sample, and our AI builds it for you. Hot-reload without restarts.

INFOBLOX DHCP
GENERIC JSON
ZEEK
APACHE
SYSMON
SNORT
NGINX
WINDOWS DEFENDER
SQUID PROXY
CISCO ASA

AI parser flow

sample_log:

    2024-01-15 10:42:33 INFO
    user=jsmith action=login
    src=192.168.1.50 status=ok

AI parser agent: generated VRL parser

    . = parse_key_value(...)
    .user = .user
    .action = .action
    .src_ip = .src

Validated against sample

Investigation: SUSPICIOUS_POWERSHELL_ACTIVITY

    10:42  @search source_type=sysmon user=jsmith
           ~847 results
    10:45  @pivot Added src_ip=192.168.1.50
    10:48  @alert Matched: "Encoded PowerShell"
           ~Severity: High | Risk: +75
    10:52  @summarize
           ~AI: "User jsmith executed encoded PowerShell from IP 192.168.1.50. Recommend checking parent process..."
    11:00  @ioc Added: evil-payload.exe (SHA256:…

Investigation Notebooks

Never lose your thread

Every search, every alert, every detection—automatically captured. AI suggests pivots and summarizes findings. Hand off investigations without losing context.

Predictable Costs

No per-GB surprises

Simple, predictable pricing. No ingestion fees that scale with your data. No surprise bills at the end of the month. Just straightforward cost you can plan for.

99% uptime SLA
Dedicated tenant infrastructure
Sub-second queries

Predictable flat pricing

Scales with your needs

Portable, open data

Know your cost upfront

Cost estimate: flat monthly price, no metered ingestion charges

Traditional SIEM

$150/GB/day pricing

Scales with data volume

Vendor data lock-in

Surprise monthly bills

Cost estimate: ~$5.5M, based on 100GB/day ingestion

Ready to hunt?

Get started in minutes. No credit card. No sales call.