Get started
A SIEM built from scratch, not refactored.

A search bar your team stops avoiding.

Sub-second over billions of security events. A dedicated cluster on every plan. Honest tiered pricing. AI and infrastructure included. Built by responders, for responders.

Get started
Plans from $20/month AI included on every tier
nano dashboard with search results, the query timeline, and pivt's investigation summary. A nano case with the threat-assessment narrative pivt wrote, signal inbox on the left, and the entity panel on the right. Detection rules fleet view: 16 total, 3 firing now, 100% health, broken down by tactic. The rule editor with nPL source on the left and a live test-rule pane showing 9,856 matches. SIEM health page: pipeline status across ingestion, parsing, enrichment, detection, alerting, with an auto-generated narrative from pivt.

Connects to the stack you already have.

AWS
Microsoft Azure
Google Cloud
ClickHouse
Cloudflare
Why nano

The good parts of a SIEM. None of the bad ones.

Most SIEMs share infrastructure between tenants and bill you by the gigabyte. We sell tiers of capacity instead. Dedicated, with infrastructure and AI included. You always know what next month's invoice looks like.

01 · Speed

Search that finishes before you do.

Columnar storage and a query engine in Rust. The question that used to be a coffee break is now a sentence and a glance.

Sub-second over billions of events, including aggregations across a year of data.

02 · Isolation

One tenant per cluster. Yours.

Isolated compute, isolated storage, your own network policy. No shared clusters. No noisy neighbours.

Standard on every plan, including Hobby.

03 · Pricing

Plans. Not meters.

Pick the GB/day you need. AI and infrastructure included on every tier. The invoice on Monday looks like the invoice on the Monday before.

From $20/month for the Hobby tier, up to Enterprise. Honest tiers, no metered surprises.

How it works

Three steps. Not a services engagement.

You can be ingesting live traffic in minutes, not in a services engagement. We've watched a customer's first parser write itself while they were still on the onboarding call.

01   Ingest

Stream from anywhere.

Cloud, endpoint, identity, network, and that one webhook nobody understands. Drop in a sample line, nano writes the parser for you and shows you the rows.

Tested on AWS, Okta, CrowdStrike, Sysmon, plus 80+ others.

No regex
required.
02   Search

Ask in plain English.

Describe what you're looking for. nano gives you the query, the SQL, and a chart at once. Edit any of them if you want. No proprietary query language to learn.

0.84s across 1.2 B rows is a typical Tuesday.

No new query
language.
03   Investigate

Pivot. Don't dig.

pivt reads the alert, writes the story, and points at the next three questions. You stay in the driver's seat, and out of the docs tab.

Reads every detection you've shipped, every alert your team has closed, and the playbooks in between.

No more
grepping.
Open source core

Built in the open. Watch us ship it.

nano's core engine is open source. The roadmap, the architecture decisions, the bug tracker, all out where you can read them. We'd rather ship in public than pretend the product is finished.

Repository Read the source. Watch it grow. Changelog What shipped this week.
Meet pivt

An assistant that thinks like a responder, not a parser.

Woven into every surface of nano, from the moment a log lands to the moment an analyst closes the ticket.

01

A query, from a sentence.

"Failed logins followed by a privilege grant." pivt writes the query, runs it, and shows you what it found. Edit anything you want.

02

A parser, from a sample.

Drop in one weird log line: JSON, syslog, vendor format with a typo. pivt writes a parser, runs it on a batch, shows you the rows.

03

A summary, from an alert.

Open an alert and read the story first: who, where, what's unusual, and which three pivots are worth your next five minutes.

04

A detection, from a threat.

Describe what worries you. pivt drafts a rule, simulates it against your data, tells you the expected fire rate before you turn it on.

Light on its feet

Built in Rust. Stored in ClickHouse. Runs lean.

We tested nano under realistic load: 10 GB/day of ingest with active searches and live detections running, on a single 2-vCPU, 4-GB-of-RAM box. It hummed.

10GB/day
Live ingest under test. Searches and detections running, not idle.
2vCPU
Total compute. Roughly what a hobby laptop wastes on browser tabs.
4GB
Total memory. The whole platform, parsers and all.

That's the whole point of building it in Rust. Read the benchmark

Pricing

Plans by capacity. AI included.

Pick a tier that fits your data. Infrastructure and AI are part of every plan. The monthly bill is the monthly bill, even when ingest spikes.

See all plans Talk to a human
Hobby
$20/ month

For solo defenders and small side stacks. Infrastructure and AI included.

  • 2 GB/day ingest, about 31 events per second.
  • 365+ days retention with auto-recycle.
  • 10 data sources. Connect what matters.
  • pivt AI included. 300 requests/month on economy models.
  • Dedicated single-node VPS. Not a shared tenant.
  • 3 team members. Invite the rest of the team on Startup.
Create your account

Need more capacity? Startup, Growth, and Enterprise

Start small. Search big.

Try the live demo first. Real product, real data, no sales call required.

Get started Read the docs

Plans from $20/month · live demo available · cancel any time