Skip to main content


Welcome to Fluency SIEM

This user manual helps you get the most out of your data by using Fluency SIEM.


The manual aims to cover the technical aspects of the Fluency SIEM tool, and to demonstrate how Fluency enables organizations to collect, correlate, search, and report on diverse types of audit data.

For information on the Fluency Programming Lanuage (FPL), refer to the following link for the FPL Manual.


Fluency supports many ways to get data into the SIEM tool, listed on the Integration Matrix page.

  • Each cloud instance is a dedicated, per-client Syslog endpoint (w/TLS)
  • Support for many audit APIs from different products
  • Support for Azure EventHub
  • Compatible with Splunk's HEC (HTTP Event Collector), or similar HTTP webhook based collectors
  • Also supports data transfer / streaming directly from AWS S3 buckets


Fluency's proprietary EventWatch system correlates and generates alerts on collected data in real-time.

  • Behavior event summary (w/ UEBA)
  • Open-ended Risk Scoring system
  • Alert suppression
  • Instant notification / integration with ticketing systems

Fluency's proprietary LavaDB database is purpose-built for streaming data analytics, and provides a cost-effective solution without compromising on performance.

  • Scalable database, hosted on AWS archetecture
  • Dynamic and automatically resizes resources based on client size and data ingress rate
  • Task-based, parallel searching across long time slices
  • One year hot-searchable database by default


Among other things, Fluency's new Programming Language (FPL) excels at reporting.


This site is roughly divided into a quick start, usage, architecture & design, and reference sections.

Quick Start



Page last updated: 2023 Sep 08