Vulcan SIEM

The fastest SIEM ever built.

VulcanSIEM is a security analytics engine built for speed, not excuses. It is designed from the ground up to ingest, normalize, and query logs orders of magnitude faster than existing SIEM platforms. We use technologies that are normally used in Formula 1 and High-Frequency Trading as part of our core infrastructure components.

Performance

Measured on single‑node environments:

• 420× faster than Splunk
• 210× faster than Elastic SIEM
• 100× faster than Azure Log Analytics (Sentinel)
• 70× faster than Google Chronicle

These systems were not built for modern security workloads. VulcanSIEM was.

Why It’s Faster

• No mandatory agents
• No late parsing
• No schema-on-read
• No JSON walking at query time
• No distributed overhead on a single node

Logs are normalized once, immediately, into a tightly packed, columnar internal schema optimized for security analytics. Queries scan columns, not documents.

Ingestion

• Syslog (RFC5424, RFC3164)
• CEF, LEEF, OCSF
• JSON / ndJSON
• TCP syslog and HTTPS ingest

Use existing forwarders. Use operating system defaults. Agents are optional. Usually unnecessary.

Status

Early development. Benchmarks are being made reproducible and will be published. Detection packs and documentation are in progress.

This project is built by @timosarkar who was tired of waiting minutes for answers that should take microseconds. Contact us for demo.

* Comparisons are based on single‑node test environments and focus on raw ingestion and query performance. Managed cloud services introduce unavoidable overhead unrelated to core engine design.