nano.rs

What It Is

nano is an AI-powered SIEM covering log collection, search, detection, alerting, case management, and response assistance. Its core is built in Rust, storage uses ClickHouse, collection relies on Vector, and pivt AI helps generate parsers, queries, detection rules, and investigation summaries. The product emphasizes that it is “not a shared cluster”: each tenant gets dedicated infrastructure.

Core Capabilities and Deployment

In terms of protection coverage, nano is more of a security operations platform. It offers SIEM log analytics, MITRE-mapped detections, entity risk scoring, rarity/popularity baselining, automated enrichment, and case investigation. Deployment is flexible: users can choose Managed hosting, or deploy Self-hosted/BYOC in their own cloud. The open-source core is available for free self-hosting under AGPL-3.0. Lower-tier managed plans run on a single VPS, while higher tiers offer Kubernetes, HA, object storage, and dedicated SLAs. For integrations, the site mentions support for AWS CloudTrail, Okta, CrowdStrike, Sysmon, Palo Alto, Cloudflare, and more, along with 200+ community parsers, detection rules, and enrichment items.

Pricing and Compliance

Pricing is one of its key selling points: plans are tiered by GB/day capacity rather than metered by actual GB ingested. Annual pricing starts at about $17/month for Hobby, $116/month for Startup, $269/month for Growth, then moves up to Team, Business, Pro, and custom Enterprise plans. Managed plans include infrastructure, maintenance, and AI. On compliance, the website does not state that it has obtained certifications such as SOC 2 or ISO 27001. It only says it can support audit evidence and monitoring scenarios for SOC 2, HIPAA, and ISO 27001, so this should not be interpreted as the product or company being certified.

Pros and Cons

Its strengths include a transparent architecture, open-source core, predictable billing, dedicated isolation, and AI deeply integrated into the workflow. It is well suited to teams that do not want to invest heavily in professional services to build a SIEM. Potential drawbacks include limited disclosure around the company background and payment methods. Lower-tier managed plans use spot/preemptible instances, which may cause brief collection interruptions; API access, SSO/SAML, HA, priority support, and similar features also require higher-tier plans.

Who It’s For and Access from China

nano is suitable for individual security researchers, startups, growing SOC teams, and enterprise security teams that need controllable bills. Access from mainland China is unknown. The website does not mention China-based nodes, RMB payments, invoices, or local support. If it relies on AI providers such as OpenAI, Anthropic, or Google, BYOC deployments also need to evaluate network connectivity and compliance. Domestic alternatives to consider include Elastic Security, Wazuh, and Graylog, while cloud-based options can be compared with Microsoft Sentinel or local security operations platforms.