OpenFrame SIEM

OpenFrame SIEM is the security event and log management layer of the OpenFrame platform. It centralizes events from across the MSP stack into a single normalized event store, giving security teams one place to search, correlate, and investigate activity instead of moving between tool-specific consoles. The platform Logs screen aggregates data from every integrated OpenFrame tool in a normalized format, so events from RMM, endpoint telemetry, identity, and remote access share a common schema. Fleet and osquery queries are a primary source of high-fidelity endpoint data feeding the store. Core capabilities today center on high-volume event ingestion, normalization across heterogeneous sources, retention, and fast search and filtering across the unified log view, with multi-tenant separation so an MSP can manage many clients from one deployment. An AI-powered anomaly detection engine is on the roadmap, layering automated baselining and outlier detection on top of the aggregated data. It is not yet generally available, so today the product is best understood as a normalized aggregation and search layer rather than a full detection-and-response SIEM. OpenFrame SIEM runs as part of the self-hostable OpenFrame core and shares the single OpenFrame data fabric, so log and event data sits alongside RMM, PSA, and remote access rather than in a siloed tool, with no per-seat licensing.