Stop fighting your data.
Start connecting it.

Grapl is a next generation SIEM for detection engineers
and incident responders.
Try Grapl now for free

Attackers think in graphs, shouldn’t defenders?

Grapl is a next-gen SEIM that helps security teams better understand their environment and keep it safe.

Grapl gives you limitless power to join your data across arbitrary data sources—cloud, endpoint, network, or in house data sources—and ergonomically model your environment.

Grapl includes models for relationships between processes and network connections.

You can leverage Grapl to model complex relationships between various types of events in your environment like a processes that's making network connections on an endpoint owned by a particular user in your environment. 

Grapl ships with built-in plugins so it’s ready to use with common data sources like process, asset, or users, or you can write custom plugins for events specific to your environment.

Grapl ingests your raw logs


Parses and supports any log inputs like osquery and sysmon, extracting out underlying information

Builds a unified graph data structure that represents all of the entities and behaviors in your network

Exposes that graph for analytics

You write attack signatures in Python


Abstract data regardless of the source

Build up a set of tools for querying the graph

Programmatic contexting of signatures

You can use it for for follow-up actions like custom additional contexting or notification actions.

Grapl detects suspicious activities other SIEMS can't in graph


Automatically send alerts to your D&R team

Responders can investigate the attack visually and in Jupyter notebooks

Correlate attacker behaviors at a glance

You catch attackers


Start off with a small, suspicious graph

Encompass the full scope of an attacker’s behaviors

Gives detection engineers control over how they want to explore their logs


Built by security engineers for
professional security teams

Graph-Based Queries

Catch attackers in your environment faster with more powerful, contextualized detection logic.

Confidence in Alerts

Express complex attacker behavior as a graph, and unit tests, linters, and static typing to your attack signatures.

Risk Based

Grapl leverages a risk based approach instead of
a binary black-and white alert based approach, eliminating the concept of false positives altogether.


Extend Grapl to represent all of your data using our plugin system.

Notebook Investigations

Leverage powerful data science tools like Jupyter notebooks for your investigations.

Code First Detentions

Build summary risk profiles using Python Programming Language to investigate suspicious activity in your environment.

Grapl lets you meet your working needs.

Working with security logs is a massive time sink that takes away time that you should be spending building new attack signatures and catching attackers.

Grapl cuts out tedious data-fighting work for you by cleaning and joining raw logs that get exposed as a powerful graph which represents all of your entities and behaviors across your environments.

Learn more

Interested in our product? Check out our Github. Reach out for a demo!

Connect with us on in our Slack Channel - we'd love to answer any questions you may have about our product.

Frequently asked questions

Can Grapl support my custom data sources?

Grapl provides plugin capabilities that can be leveraged to parse arbitrary datasources - you have the full power of code at your disposal to parse even the most complex data formats, leveraging open source libraries to do so.

Does Grapl come with any detection rules out of the box?

We build detection rules and open source them based on our own usage or user feedback. Some rules may only be available to customers upon request, and we're happy to assist customers who are looking to detect attacks we don't yet cover. You can find a set of Grapl detection rules

How does Grapl compare to other SIEMs?

Grapl is truly different from the rest of the SIEM marketplace. We're the only SIEM that provides a code and API first approach with powerful graph analytics, enabling detection that are hard or impossible in other SIEMs

When will I be able to use Grapl?

We're hard at work to make sure that Grapl is efficient, effective, and as secure as it can be. We expect to release in early 2022 - reach out for more details or if you're interested in being an early adopter.