Get started
Open source

Open and auditable by design.

The core nano SIEM engine is published under AGPL-3.0. Read the code, run it yourself, or let us host it for you, the choice is yours, and the engine stays the same either way.

View source on GitHub See hosted plans
Why open

Security tools should be readable.

A SIEM sits on the most sensitive data in your organization. We think the people running it should be able to see exactly what it does.

01 · Auditable

Auditable detection logic.

Security teams can read every line of how alerts are generated, how data is parsed, and how the engine behaves under load. No black boxes between you and your data.

02 · No lock-in

No vendor lock-in on your data plane.

If we ever stop being the right vendor for you, the engine keeps running. You can host it yourself under AGPL-3.0, the code doesn't disappear with the subscription.

03 · Community

Community-driven detections.

Detection rules and parsers improve faster when they're open. Practitioners contribute the rules they actually use, and everyone benefits.

04 · Transparency

Trust through transparency.

A SIEM is a security-critical piece of infrastructure. "Trust us" isn't a good answer. Reading the source is.

What's open

Open core, commercial platform.

The engine is open. The operationalized platform, the commercial modules, the managed hosting, the support, is what you pay for.

Feature Open-source engine Hosted / BYOC platform
Core ingestion + storage engine (Rust + ClickHouse) Open (AGPL-3.0) Included
Search, dashboards, detections Open (AGPL-3.0) Included
Parsers + log-source integrations Open (AGPL-3.0) Included
Cases / case management Commercial
pivt investigations Commercial
Risk scoring + auto-tuning Commercial
AI triage (pivt) Commercial
Managed hosting + provisioning Commercial
BYOC deployment automation Commercial
SLA + support Community Commercial
Licensing

Two licenses, clearly separated.

If you're an enterprise legal team reading this, the short version is below.

When you run the engine yourself

AGPL-3.0

The open-source nano repository is licensed under the GNU Affero General Public License v3.0. AGPL applies only to the engine code itself, on the infrastructure you control.

When you use our hosted / BYOC platform

Commercial

Our hosted and Bring-Your-Own-Cloud offerings, including premium modules, managed provisioning, and support, are separately licensed under our commercial Terms of Service. The commercial product is not AGPL-encumbered.

See Terms § 3.1 for the formal version. Questions about licensing for your specific deployment? Talk to us.

Which one

Self-host the OSS, or let us run it.

Both paths use the same engine. The difference is who carries the operational weight.

Self-host (AGPL)

You run the engine.

  • Full control of data plane, retention, and tuning
  • No usage limits we can enforce
  • You operate Postgres, ClickHouse, ingestion, upgrades, and detection content
  • Community support via the repo
  • Commercial modules (Cases, pivt, risk, AI triage) not included
Hosted / BYOC (Commercial)

We run the engine.

  • Same engine, packaged with the commercial modules
  • Managed cloud or your cloud (BYOC), isolated per tenant
  • Upgrades, patching, retention tiers, SLA, and direct support
  • Detection content curated and updated for you
  • One bill, no infra ownership

Read the source. Then decide.

Both paths run the same engine. Start with whichever fits, and switch when you outgrow it.

Read the source on GitHub See hosted plans