Caver
← All docs
Getting started

Talk to us about scoping.

Every Caver rollout starts with a short scoping conversation, not a sales funnel. Tell us what you run today, how much you ingest, and where your data has to live. We map that to a deployment shape and a migration path that keeps your current SIEM running until you are ready to cut over. No rip and replace, no per-GB meter.

4
Deploy models
123
Content packs
4,000+
Detection rules
48:1
Compression

Start with a scoping conversation

The fastest way in is a direct email. Send us a rough ingest volume, the sources that matter most, your compliance and residency constraints, and whether you need OT/ICS or AI-security coverage. We come back with a deployment recommendation, a migration outline, and transparent per-deployment pricing. You talk to the team that builds Caver, not a reseller.

Talk to us about scoping →

Deployment options

Caver runs where your data has to run. The engine, the open OCSF Parquet lake, and the collectors are identical in every mode, so nothing about the data model changes if you move between them later.

Managed cloud
RedEye operates Caver for you: we stand up the lake, the compute plane, and the collectors, handle upgrades and content updates, and hand you the console. The fastest path to value.
Self-hosted in your cloud
Run Caver in your own AWS, Azure, or GCP account against your own object storage. You own the bucket and the keys. We supply the images, Helm charts, and content packs.
On-premises
Run the whole platform on your own hardware with MinIO or any S3-compatible store. No dependency on a public cloud. Built for strict data-residency requirements.
Air-gapped
Caver deploys inside disconnected networks. The deployment server distributes app and content updates internally, and the evidence verifier runs fully offline. Suited to OT/ICS and classified environments.

What a rollout looks like

A migration runs in parallel with your existing SIEM. Your team keeps answering alerts the whole time and cuts over only once Caver is proven against your own data.

1. Scopevolume, sources, residency
2. Ingestcaver-collector to OCSF
3. Federatepeer your current SIEM
4. Detectionsstand up content packs
5. Go livecut over on your schedule
Federate during migration
Caver registers as a distributed search peer of your existing Splunk with no forwarder or source changes, and federation modes ship for Elastic / Kibana, Microsoft Sentinel, Sumo Logic, and Datadog. Run both side by side and compare results on live data before you commit.
Detections on day one
123 content packs and 4,000+ CAVERN rules map to your sources out of the box. Caver Forge drafts fresh detections from newly published CVEs, grounded in your OCSF schema, so coverage keeps pace after go-live.

Support and licensing

Licensing is a flat, transparent per-deployment key. No per-GB ingest meter, no rehydration fees, no surprise overage bill as your telemetry grows. Migration tooling ports your existing content: Splunk peer mode receives SPL unchanged, and caver-migrate carries a Sentinel deployment over, including its KQL. You work directly with the engineers who build the platform, and app and content updates reach your collectors automatically through the deployment-server subscription pipeline.

Where the deeper docs live

Ready to scope your migration?

Send one email with your rough ingest volume and the sources that matter most. We come back with a deployment recommendation and a migration plan sized to your environment. matt@redeyesecurity.com

Still comparing? Read how Caver stacks up vs Splunk, or start with how it works.