§ The Lake

The open security data lake.

Every security event, from every source, in open formats with unlimited retention. Your bucket, ours, or fetched on demand — and read by any agent that speaks SQL or MCP.

Ingest

Every event. Every source. One lake.

Whether your data starts in a SIEM, an EDR, a SaaS, or a custom app, it ends up here — landed as columnar Parquet on object storage, open by default and durable forever.

Sources

Where your logs come from.

SIEM

Export colder data from Splunk, Sentinel, Elastic, and others into LogSeam for long-term retention and lightning-fast search. Drop-in S3 destinations preserve your original SIEM schema as open Parquet.

Security Products

Centralize telemetry from EDR, firewall, IAM, and cloud posture tools. Open formats ensure permanent access without vendor lock-in. Unified retention with intelligent tiering and enterprise-grade RBAC.

Log Pipelines

Already using Cribl, Monad, or other pipelines? Add LogSeam as your durable, cost-efficient destination. Simple S3-compatible target config with high-throughput, low-latency ingestion.

Direct Logs

Send logs from any source that outputs JSON: Vector, Fluent Bit, Logstash, and more. Single S3-compatible endpoint for all environments with automatic schema-on-read and global replication.

Ingestion methods

Three ways in. Pick what fits.

YOUR BUCKET

Use your S3

Point at your S3-compatible bucket
Keep full ownership and controls
Your IAM, your encryption keys
Data never leaves your account
Zero migration required

LOGSEAM BUCKET

Managed by us

Dedicated managed bucket
Global replication built in
11+ nines durability
Streamlined onboarding
Optimal performance guaranteed

WE FETCH

No agent required

Collect from any location
Normalize on ingest
Secure API-based retrieval
Scheduled or real-time pulls
No agent installation needed

The comparison

Traditional SIEM vs the Lake.

01 / TRADITIONAL SIEM 01

The model you're used to

And the limits you've learned to accept.

Proprietary data formats
Retention caps and tiered pricing
Fixed compute — pay for idle
Single-vendor query tools
Data locked behind vendor APIs
Months to onboard new sources

02 / THE LAKE 02

Built from first principles for the AI era

Modern. Open. Yours.

Open formats (Apache Parquet)
Unlimited retention — no data caps
Dynamic compute — scales to zero
Full SQL + MCP
Your data, your bucket, your tools
Any source in minutes, not months

What we do with your data

From logs to a queryable, catalogued lake.

Ingest is just the first step. Behind the scenes, every event is compressed, optimized, indexed, catalogued, and continuously understood — so by the time you query, the lake already knows what's in it.

01 · Compress

Raw JSON is normalized and packed into columnar Apache Parquet. 10–20× smaller than the source, fast to scan, cheap to keep forever.

02 · Enhance

We upgrade every file to the latest Parquet revision — bloom filters, page indexes, statistics, dictionary encoding — so queries skip everything they don't need.

03 · Store

Files are partitioned, tiered, and compacted for the access pattern you actually have. Hot data is fast, cold data is cheap, and neither requires re-architecting your retention policy.

04 · Catalog

Every dataset registers in an open catalog with schema, partition spec, and time-travel snapshots. The lake is discoverable — by humans, by SQL clients, and by agents.

05 · Understand

Our Rosetta Stone continuously studies the lake — what each column means, how values relate across sources, which entities link to which. Schemas drift, vendors rename fields, new sources show up — the catalog keeps up.

See what your SIEM is missing.

Request access →