USE CASE · SECURITY ANALYTICS

SECURITY ANALYTICS AT SCALE.

Your SOC team spends more time waiting for dashboards than investigating threats. XERJ runs the canonical SIEM query battery — top source IPs, auth-failure clustering, lateral movement detection — at 74× the speed of Elasticsearch, on a single node that costs a fraction of a 4-node ES cluster.

SIEM QUERY BATTERY · P95 LATENCY · 1M EVENTS

Query                   XERJ      ES 8.13    Speedup
Top source IPs          0.4 ms    29.8 ms    74.5×
Auth failures / hour    0.3 ms    18.2 ms    60.7×
Lateral movement        1.2 ms    45.1 ms    37.6×
DNS tunneling           0.8 ms    32.7 ms    40.9×
Process tree anomaly    2.1 ms    89.3 ms    42.5×
Data exfil > 10 MB      0.6 ms    22.4 ms    37.3×
Brute force detection   0.5 ms    41.0 ms    82.0×
Geo-impossible login    1.8 ms    67.2 ms    37.3×

THE ELASTICSEARCH PROBLEM

THE XERJ ANSWER

74× FASTER SIEM AGG: Top-source-IP terms agg, 1M events, p95
6.8× MEDIAN QUERY SPEEDUP: 16-query SIEM battery, geometric mean 8.0×
21× LESS MEMORY: 400 MB XERJ vs 8.5 GB ES (4-node cluster)

[Heatmap: AUTH FAILURES · WEEKDAY × 2H · 7 DAYS. Rows: MON to SUN. Columns: hour of day, 00 to 22 in 2-hour steps.]

SEE IT LIVE.

The playbook walks the full recipe — schema, ingest command, queries, and the dashboard. The playground runs on seeded data; benchmarks were measured against Elasticsearch 8.13 on 2026-04-14.

READY? · REQUEST ACCESS

RUN IT ON YOUR DATA.

Send us your SIEM event schema and a 24-hour sample. We'll run the head-to-head on your data and send back the numbers — with the reproduction scripts so you can verify.

We only use this email to send you the binary. Ever.