Open Source SIEM

The SIEM your team actually deploys.

No $150/GB pricing. No XML config files. No dedicated ops team. One binary. One command. Running in minutes.

curl -sSL https://vigil.sh/install | bash

Capabilities

Built for real deployments.

Single binary, five platforms

Windows, Linux, macOS. No dependencies. No installer.

Structured JSON output

Every command accepts --output json. AI agents query it directly.

Sigma rules, no XML

Deploy detection rules from a YAML file in one command.

Web dashboard included

Run vigil web start. No separate frontend to deploy.

Forensic collection

Point-in-time artifact sweep with vigil forensic collect.

Enrollment tokens

Secure agent onboarding via short-lived registration tokens.

How it works

From zero to collecting in four commands.

01 Deploy the API

docker-compose -f api/docker-compose.yml up -d

02 Install the agent

curl -sSL https://vigil.sh/install | bash

03 Register

vigil agent register --name prod-box-01

04 Monitor

vigil alerts list --severity high --output json

Comparison

Not another enterprise SIEM.

| | Vigil | Traditional SIEM |
|---|---|---|
| Pricing | Free (self-hosted) | $150+/GB |
| Install time | 5 minutes | Weeks |
| Config format | YAML (Sigma) | XML / proprietary |
| AI-native | Yes (--output json) | No |
| On-prem | Yes | Limited |

Ready to deploy?

Self-hosted. Apache 2.0. No account required.

curl -sSL https://vigil.sh/install | bash