ByteFreezer Documentation¶

AI-Native. Open Source. Beyond SIEM Datalake.

ByteFreezer is a security data platform that records everything, stores it efficiently in Parquet format, and lets you query with AI. Store more data, longer, for a fraction of SIEM cost.

What is ByteFreezer?¶

Think security camera DVR, but for all your operational data.

# Configure your environment
environment = "cloud" | "onprem" | "airgapped"

# Collect from any source
for source in [UDP, TCP, Syslog, sFlow, IPFIX, HTTP, SQS, Kafka, NATS, Kinesis]:

    data = source.receive()  # logs, batches, or streams

    # Process with AI-configurable pipeline
    data = pipeline.filter(data)      # drop noise
    data = pipeline.sample(data)      # reduce volume
    data = pipeline.enrich(data)      # geo-tag, custom lookups

    # Store efficiently
    storage.write(
        data,
        bucket="s3://your-bucket",    # BYOB - Bring Your Own Bucket
        format="parquet",             # auto-partitioned, schema evolution
    )

# Query with AI
results = ai.query("Show failed logins from Russia last week")  # BYOA supported

ByteFreezer provides:

Universal Data Collection - UDP, TCP, Syslog, sFlow, IPFIX, HTTP, SQS, Kafka, NATS, Kinesis
Intelligent Processing - Filter, sample, enrich (including geo-tagging), transform
Efficient Storage - Parquet files with auto-partitioning and schema evolution
AI-Ready Querying - DuckDB integration, plug in your own AI model, or use ours

Key Differentiators¶

Feature	ByteFreezer	Traditional SIEM
Storage	Your S3/MinIO (BYOB)	Vendor lock-in
AI	Your model or ours (BYOA)	Limited/proprietary
Cost	Fraction of SIEM pricing	$$$ per GB
Retention	7-365+ days, you decide	Limited by cost
Air-gapped	FedRAMP ready	Often cloud-only

Data Flow¶

Sources (Proxy)  →  Processing (Piper)  →  Storage (S3/MinIO)  →  Query (AI/DuckDB)
     ↓                    ↓                      ↓                     ↓
  UDP/TCP/HTTP     Transformations         Parquet files         AI Agents
  Syslog/sFlow     Enrichers (geo)         Auto-partitioned      SQL queries
  SQS/Kafka        Filter/Sample           Schema evolution      Grafana

Quick Links¶

Getting Started

New to ByteFreezer? Start here to understand the basics.

Getting Started
Architecture

Understand the components: Proxy, Receiver, Piper, Packer, Control.

Architecture
Sources

Connect your data: UDP, TCP, Syslog, sFlow, Kafka, and more.

Sources
Processing

Transform, filter, sample, and enrich your data.

Processing
Storage

Parquet files in S3/MinIO with auto-partitioning.

Storage
Query & AI

Query with DuckDB, AI agents, or your own model.

Query

Deployment Options¶

ByteFreezer offers flexible deployment models:

Option	Description
Open Source	Self-hosted, full control
Managed	We run compute, you own data
Control	You run everything, keep certifications
Consulting	White-glove for high-security environments

Need Help?¶

Check the Getting Started guide
Browse the Architecture for component details
Review the API Reference for programmatic access
Visit GitHub for source code