SQL search and analytics
Use SQL to search based on specific attributes–IPs, hostnames, URLs, date/time ranges–and run basic statistical analyses to support internal investigations.
Target availability Feb. ’25
Avoid paying a premium for high-volume, low-fidelity security data storage. By sending that data to Red Canary, you’ll save money while keeping it accessible for your team’s and Red Canary’s investigations.
Pay a fraction of SIEM storage costs for high-volume, low-fidelity data sources like firewall, DNS, and SASE logs.
Prove to auditors that your data is retained and can be retrieved on-demand. If you need to export specific logs you can do so at any time.
Ensure data availability for your team’s and Red Canary’s investigations, improving your security posture.
*Targeting availability H1 2025
Organizations face frustrating tradeoffs when executing their security data strategies. Optimizing for threat detection results in storing all potentially security-relevant data in an expensive SIEM, even if most of that data isn’t valuable for detection. Optimizing for storage costs requires building an analytic platform on top of a data lake, requiring significant initial and ongoing investment to operationalize a threat detection program.
Store raw data–JSON strings, syslog messages, anything that’s line delimited that you can write to an S3 bucket–for any length of time specified by you.
Available now
Red Canary can leverage the Security Data Lake during our investigations, strengthening your detection and response coverage.
Target availability Jun. ’25