AI-Driven Secure Log Intelligence

Log intelligence that never leaves your perimeter

Self-hosted log management and threat detection for classified, air-gapped, and regulated networks. Collect, enrich, detect, and respond — entirely inside your environment. No telemetry. No call-home.

  • FIPS 140-3
  • DISA STIG
  • CIS Level 1
  • OCSF v1.3
  • 100% Air-gap

Built for the networks others can't reach

Cloud SIEMs send your logs off-site.

Every event leaves your perimeter for a vendor cloud you can't fully audit — a non-starter for classified, air-gapped, and regulated networks.

Legacy SIEMs need a rule-engineering army.

Months of tuning, brittle correlation rules, and per-GB bills that punish you for collecting more of the data you need.

AI bolt-ons call home.

Most “AI security” ships your data to someone else's model. logrok runs detection where your data already lives — no call-home.

What logrok does

One platform, from raw log to resolved incident

01

Unified collection

syslog TCP/UDP/TLS, webhooks, cloud APIs, and files — 200K+ events/sec on a single node.

02

Four search modes

plain text, regex, Lucene, and natural-language AI search across billions of events.

03

AI noise filtering

automatically classify, route, or suppress repetitive log patterns to surface what matters.

04

Detection engine

25+ built-in rules with MITRE ATT&CK mapping, correlation logic, and a custom rule DSL.

05

Threat intelligence

curated IOC feeds matched live against the ingest stream.

06

20+ destinations

route to S3, Kafka, Splunk, Elasticsearch, Azure, GCP, Loki, Datadog, and more.
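The detection-engine and threat-intelligence items above say what the engine does (rules with ATT&CK mapping, correlation logic, IOC feeds matched live against the ingest stream) but show none of it. The following is an added example written for this page; it is not logrok's own code or rule DSL. It parses a few constructed sshd syslog lines into simplified OCSF-style Authentication events (class_uid 3002, status_id 1 = Success / 2 = Failure), checks every event's source IP against a constructed IOC list, and runs one stateful correlation rule: repeated failures followed by a success from the same source inside a time window, tagged with ATT&CK T1110.001. The log lines, the feed, the rule names and the threshold/window values are illustrative assumptions.

```python
"""Streaming IOC match + brute-force correlation over syslog (added example, not logrok code)."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sshd syslog lines (RFC 3164 style); not real logs.
SAMPLE_SYSLOG = """\
<38>Mar 11 09:14:01 bastion sshd[2214]: Failed password for root from 203.0.113.9 port 51022 ssh2
<38>Mar 11 09:14:03 bastion sshd[2214]: Failed password for root from 203.0.113.9 port 51023 ssh2
<38>Mar 11 09:14:05 bastion sshd[2214]: Failed password for root from 203.0.113.9 port 51024 ssh2
<38>Mar 11 09:14:06 bastion sshd[2214]: Failed password for root from 203.0.113.9 port 51025 ssh2
<38>Mar 11 09:14:09 bastion sshd[2230]: Accepted password for root from 203.0.113.9 port 51030 ssh2
<38>Mar 11 09:15:00 bastion sshd[2240]: Accepted publickey for deploy from 192.0.2.44 port 40010 ssh2
<38>Mar 11 09:15:12 bastion sshd[2241]: Failed password for admin from 198.51.100.7 port 22001 ssh2
"""

# Constructed IOC feed: indicator -> feed label. Hypothetical, not a real feed.
IOC_FEED = {"203.0.113.9": "example-feed:bruteforcer", "198.51.100.200": "example-feed:c2"}

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<app>[^\[: ]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
SSH_RE = re.compile(
    r"^(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)


def parse_syslog(line: str) -> Optional[dict]:
    """Normalise one sshd auth line into a minimal OCSF-style Authentication event, else None."""
    m = SYSLOG_RE.match(line)
    s = SSH_RE.match(m["msg"]) if m else None
    if not s:
        return None  # not an auth event; a real pipeline would route it elsewhere
    return {
        "class_uid": 3002,  # OCSF Authentication
        "time": m["ts"],
        "device": {"hostname": m["host"]},
        "user": {"name": s["user"]},
        "src_endpoint": {"ip": s["src"], "port": int(s["port"])},
        "status_id": 1 if s["result"] == "Accepted" else 2,  # OCSF: 1 Success, 2 Failure
        "auth_protocol": s["method"],
        "raw_data": line,
    }


@dataclass
class Alert:
    rule: str
    attack: Optional[str]  # ATT&CK technique id, or None when the rule has no mapping
    src_ip: str
    detail: str


class Detector:
    """Single-pass detector: IOC lookup on every event plus one time-windowed correlation rule."""

    def __init__(self, iocs: dict, threshold: int = 3, window_s: int = 60):
        self.iocs = iocs
        self.threshold = threshold
        self.window_s = window_s
        self.failures = defaultdict(deque)  # src ip -> timestamps of recent failures
        self.ioc_seen = set()  # fire the IOC rule once per indicator, not per event
        self.alerts = []

    def ingest(self, ev: dict) -> None:
        ip = ev["src_endpoint"]["ip"]
        t = datetime.strptime(ev["time"], "%b %d %H:%M:%S")  # no year in RFC 3164; deltas only
        if ip in self.iocs and ip not in self.ioc_seen:
            self.ioc_seen.add(ip)
            self.alerts.append(Alert("ioc_match", None, ip, f"matched {self.iocs[ip]}"))
        hist = self.failures[ip]
        while hist and (t - hist[0]).total_seconds() > self.window_s:
            hist.popleft()  # expire failures outside the window to keep state bounded
        if ev["status_id"] == 2:
            hist.append(t)
        elif len(hist) >= self.threshold:
            self.alerts.append(Alert(
                "ssh_bruteforce_then_success", "T1110.001", ip,
                f"{len(hist)} failures then success for {ev['user']['name']}"))
            hist.clear()


def run(lines: str, iocs: dict, **kw) -> list:
    """Feed raw lines through parse + detect and return the alerts in firing order."""
    det = Detector(iocs, **kw)
    for line in lines.splitlines():
        ev = parse_syslog(line)
        if ev:
            det.ingest(ev)
    return det.alerts


if __name__ == "__main__":
    for a in run(SAMPLE_SYSLOG, IOC_FEED):
        print(a)
```

Two points the marketing bullets leave implicit: the IOC lookup runs against every event at ingest, not only against events that already tripped a rule, and the correlation rule keeps per-source state that is expired by time, so memory stays bounded on a long-running stream. Raising `threshold` above the number of failures in the sample suppresses the correlation alert while the IOC alert still fires, which is the separation a tuning knob should give you.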

Architecture

Three planes. One sovereign deployment.

Control Plane

REST API, web UI, and an AI agent interface. Pipelines, search, alerts, and automation.

Ingest Plane

High-performance log collector with config agents. Zero-touch pipeline deployment.

Data Plane

SQL analytics engine, config store with row-level security, SSO, and encrypted local storage.

Runs entirely in your environment. No data leaves your perimeter.

Deploy it your way

VM appliance

FIPS-hardened Linux appliance on any major hypervisor or bare metal.

Air-gapped

Offline container images. No call-home license activation.

Kubernetes / k3s

Helm charts. Each plane scales independently.

Docker Compose

Single-host evaluation in under 5 minutes.

Why teams choose logrok

vs. cloud-only SIEMs

Data sovereignty and air-gap capability, zero telemetry, and no per-GB pricing surprises. Your logs never leave infrastructure you control.

vs. legacy SIEMs

AI-assisted triage and a modern, schema-native architecture — detection without a standing army of rule engineers.

FIPS 140-3 (OS-level CMVP #4823, #4750) · DISA STIG · CIS Level 1 · NIST SP 800-53 · CMMC Level 2 · OCSF v1.3

Zero telemetry. Sovereign on-premises operation.

See logrok on your own data

Book a guided demo, or stand up the full platform with Docker Compose in under five minutes.