PIPEDA + SOC 2 + ISO 27001-aligned - 100% Canadian data residency

See every threat, across every Maple app and cloud - in one Canadian SOC.

MapleSIEM is a Canadian-hosted security information and event management platform with Sigma-compatible threat detection, MITRE ATT&CK mapping, time-windowed correlation, and audit-ready PIPEDA + SOC 2 + ISO 27001 reports. Real-time event streaming, GeoIP + threat-intel enrichment, and flat per-site CAD pricing.

MapleSIEM SOC dashboard showing a severity-colored event timeline, a threat-map blob, a correlation-alert card reading 3 alerts in past 24h, and MITRE ATT&CK tags
20+
Prebuilt log-source parsers
100%
Canadian data residency
7-yr
Cold-archive retention
25+
MITRE-tagged detection rules
What's inside

Everything a Canadian SOC needs - without the SIEM tax

Log ingestion, Sigma-compatible threat detection, MITRE ATT&CK mapping, and audit reports in one Canadian-hosted product. No per-GB ingest fees and no query language to learn.

📊

Real-time SOC dashboard

Live severity-colored event stream, GeoIP + threat-intel enrichment chips, open-findings and correlation-alert counters, and a volume sparkline - all on one screen.

🧾

Sigma-compatible detection

25+ prebuilt MITRE-tagged rules out of the box, plus your own custom rules in the open Sigma standard - no proprietary query language to learn.

🎯

MITRE ATT&CK mapping

Every detection is tagged with tactic + technique IDs. Quarterly coverage reports show where your detections sit across the matrix on the Business plan.

Time-windowed correlation

Threshold and sequence rules collapse noisy bursts into single alerts - e.g. repeated failed logins from one IP, or a failed-then-privileged sign-in pattern.

🌏

Flexible log ingestion

Batch ingest API with prebuilt parsers for JSON, CEF, syslog, web access logs, SSH/auth, Windows events, and mail logs - plus your Maple apps via a fail-soft event client.

📍

100% Canadian data residency

Every event, finding, and audit report lives inside Canadian datacenters. No replication to U.S. infrastructure - PIPEDA, SOC 2, and ISO 27001-aligned by default.

From raw logs to a working SOC in four steps

Most teams are ingesting their first events and seeing MITRE-tagged detections the same day they sign up. No query language to learn, no per-GB ingest surprises.

  1. 1

    Create your MapleSIEM site

    Sign up and spin up a site in minutes. You get a Canadian-hosted collector endpoint and an API key right away. No credit card for the trial.

  2. 2

    Point your log sources at it

    Send events to the batch ingest API in JSON or CEF, or use the prebuilt parsers for syslog, web access logs, SSH/auth, Windows events, and mail logs - plus every Maple app.

  3. 3

    Watch detections light up the SOC

    Prebuilt Sigma rules tag events with MITRE ATT&CK tactics and techniques as they arrive, while time-windowed correlation collapses bursts into single alerts.

  4. 4

    Export audit-ready reports

    Generate printable and CSV audit reports mapped to PIPEDA, PHIPA, SOC 2, and ISO 27001 controls - on demand or on a recurring schedule.

In the wild

See it in action

Security monitoring and incident response for Canadian SMBs.

MapleSIEM cybersecurity dashboard with red and green threat indicators across multiple monitors in a dark Canadian SOC workspace
How we stack up

MapleSIEM vs. Splunk, Elastic SIEM, Wazuh

Canadian-hosted and billed in CAD, with Sigma detection, correlation, and audit reports built in - no per-GB ingest meter and no query language to learn. Competitor details are illustrative and approximate.

Feature MapleSIEM Splunk Elastic SIEM Wazuh (self-host)
Canadian data residency (PIPEDA) DIY
CAD billing, no FX fees USD USD Free / DIY
Flat per-site pricing Per-GB ingest Per-GB / node Self-host cost
Query language to learn None SPL KQL / EQL OpenSearch DSL
Open Sigma rule format Add-on Add-on
MITRE ATT&CK mapping Built in
Audit reports (PIPEDA + SOC 2 + ISO 27001) Built in DIY DIY DIY
Managed / no-ops hosting Cloud tier Cloud tier
Starts at $49 CAD / mo / site $$$ USD $$ USD Free + your time

Competitor names are trademarks of their respective owners. Comparison reflects typical offerings and is provided for illustration only.

SOC in motion

Logs flowing, rules firing, threats enriched.

A peek at the kinds of activity flowing through a MapleSIEM site on a typical day. Illustrative; sites and details anonymized.

Live activity last 30 sec
    0
    Prebuilt log-source parsers
    0%
    Canadian data residency (PIPEDA)
    0
    Cold-archive retention (Enterprise)
    Plans & pricing

    Simple Canadian pricing

    Flat per-site pricing in CAD - no per-GB ingest fees, no per-host charges. Cancel any time. Charity rate available - email support@mapleworksuite.com.

    Starter

    $49
    CAD / mo / site
     
    • 5,000 events/day
    • 30-day hot retention
    • 25+ prebuilt detection rules
    • Email alerts
    • MITRE ATT&CK tagging
    Start Starter

    Pro

    $99
    CAD / mo / site
     
    • 50,000 events/day
    • 90-day hot retention
    • Unlimited custom Sigma rules
    • GeoIP + threat-intel enrichment
    • PIPEDA + SOC 2 + ISO 27001 audit reports
    Start Pro

    Enterprise

    $499
    CAD / mo / site
     
    • Unlimited events/day
    • 3-year hot + 7-year cold retention
    • Custom MITRE detection packs
    • Admin / Analyst / Viewer roles
    • Per-tenant retention policies
    • ISO 27001 + PHIPA reports
    Start Enterprise
    Questions & answers

    Frequently asked questions

    Common questions about MapleSIEM. Have something else? Email support@mapleworksuite.com.

    What is MapleSIEM?
    MapleSIEM is a Canadian-hosted security information and event management (SIEM) platform with AI-driven threat detection, MITRE ATT&CK mapping, and audit-ready PIPEDA + NIST exports. It ingests logs from your Maple apps, cloud providers, firewalls, endpoints, and identity systems, then surfaces real-time anomalies in a single SOC dashboard.
    How is MapleSIEM different from Splunk, ELK, or Datadog Security?
    MapleSIEM gives you the practical 80% of Splunk or Datadog Security without per-GB ingest fees or a query language to learn. It is preconfigured for SMB and mid-market workloads, hosts every byte inside Canada, and flat-prices per site instead of per host or per ingest GB. Unlike open-source ELK, you do not run any infrastructure yourself.
    What log sources does MapleSIEM support?
    Out of the box: every MapleWorkSuite app, AWS CloudTrail, Azure Activity + Entra ID, Google Workspace, Office 365 + Defender, Cloudflare, common firewalls (Fortinet, Palo Alto, pfSense), Linux syslog, Windows Event Forwarder, Okta, JumpCloud, and any source that can push syslog or webhooks. Custom parsers are available for Pro and above.
    How does the AI threat detection work?
    Pro and Business plans include an AI threat summary that clusters anomalies (failed logins, privilege escalations, unusual exfil patterns, MITRE technique chains) into plain-English narratives. For example: "3 anomalies in past 24h - 1 critical: brute-force on auth from 5 IPs in Eastern Europe targeting admin@example.ca." Every alert links back to the raw events so analysts can verify, not just trust the AI.
    Does MapleSIEM map detections to MITRE ATT&CK?
    Yes. Every prebuilt detection is tagged with the relevant MITRE ATT&CK tactic + technique IDs (e.g. TA0006 Credential Access, T1110 Brute Force). Custom rules let you add your own tags. The Business plan ships with quarterly heatmap reports showing your coverage across the full MITRE matrix.
    Is MapleSIEM PIPEDA and NIST compliant?
    MapleSIEM is built for Canadian compliance: 100% Canadian data residency, signed audit trails, PIPEDA-aligned retention controls, and NIST 800-53 + CSF mapped reports on Enterprise. Pro and above can export evidence packages directly for auditors. We do not certify your business, but auditors find the trails clean and signed.
    What retention and audit exports does MapleSIEM provide?
    Retention scales by plan: 30 days hot on Starter, 90 days on Pro, 1 year on Business, and 3 years hot + 7 years cold on Enterprise. Audit exports include PDF evidence packages, CSV event dumps, signed JSON manifests, and a MITRE coverage heatmap. Pro and above can schedule recurring audit packages by email.
    How much does MapleSIEM cost in CAD?
    Per-site flat pricing: Starter $49, Pro $99, Business $249 (most popular), and Enterprise $499 CAD per month per site. No per-GB ingest fees, no per-host charges, and no annual commitment required. All plans include MITRE ATT&CK tagging and PIPEDA-aligned retention controls.
    Do I actually need a SIEM for a small business?
    If you have to answer to clients, auditors, or a cyber-insurance form about how you'd detect a breach, you need something. MapleSIEM is built for SMB and mid-market teams that can't justify a full SOC tool like Splunk but still need real-time alerting, log retention, and audit-ready reports. If a customer or insurer ever asks 'show me your security logs from 90 days ago,' a SIEM is the difference between an answer and a shrug.
    Who is MapleSIEM built for?
    Canadian SMBs and mid-market teams that need security monitoring without hiring a security engineer or running infrastructure. Typical users are IT generalists, MSPs managing several client sites, and businesses chasing SOC 2, HIPAA-style, or PIPEDA compliance. If you're a Fortune 500 with a 24/7 SOC and a dedicated SPL team, Splunk is probably still your tool — we're the practical 80% for everyone below that.
    What's the difference between a SIEM, log management, and an EDR?
    Log management just stores logs. An EDR (endpoint detection) watches individual devices. A SIEM like MapleSIEM sits above both — it ingests logs from many sources (cloud, firewalls, identity, endpoints, your apps), correlates events across them, and raises alerts when patterns look like an attack. The value is the correlation: a failed login here plus a privileged sign-in there becomes one alert, not two stray log lines.
    Can an MSP or IT provider run MapleSIEM for multiple clients?
    Yes. MapleSIEM is priced and structured per site, so an MSP can stand up a separate site per client, each with its own collector endpoint, API key, and retention policy. Enterprise adds Admin / Analyst / Viewer roles and per-tenant retention policies. Flat per-site CAD pricing makes the math predictable when you're billing clients.
    How long does it take to set up MapleSIEM?
    Most teams ingest their first events and see MITRE-tagged detections the same day they sign up. You create a site, get a Canadian-hosted collector endpoint and API key immediately, then point your log sources at the batch ingest API or use a prebuilt parser. There's no query language to learn and no infrastructure to deploy.
    How do I get started — is there a trial?
    Sign up at the MapleSIEM signup page, no credit card required for the trial. You'll get a site, a collector endpoint, and an API key right away, plus 25+ prebuilt detection rules active out of the box. Send some logs and watch the SOC dashboard light up. You can pick a paid plan when you're ready; cancel any time.
    Do I need to install an agent on my servers?
    No agent is required. MapleSIEM uses a batch ingest API — anything that can push JSON, CEF, syslog, or webhooks can send events. Prebuilt parsers handle syslog, web access logs, SSH/auth, Windows events, and mail logs, and your Maple apps report in through a fail-soft event client. You send the logs; we parse, enrich, and detect.
    Is there a query language I have to learn?
    No. Unlike Splunk (SPL) or Elastic SIEM (KQL/EQL), MapleSIEM has no proprietary query language to learn. Detections run on the open Sigma rule standard, the SOC dashboard surfaces findings visually, and Business plans add saved searches and case triage. Detection logic is portable Sigma, not a vendor lock-in dialect.
    What log formats can MapleSIEM ingest?
    The batch ingest API accepts JSON and CEF directly, plus prebuilt parsers for syslog, web access logs, SSH/auth logs, Windows events, and mail logs. There are 20+ prebuilt log-source parsers. Anything that can push syslog or webhooks can feed it, and custom parsers are available on Pro and above.
    How many events per day can I send?
    It scales by plan: Starter handles 5,000 events/day, Pro 50,000/day, Business 250,000/day, and Enterprise is unlimited. Billing is flat per site — there are no per-GB ingest fees, so a noisy day doesn't trigger a surprise bill. If you outgrow a tier, you move up a plan rather than paying a metered overage.
    Will MapleSIEM ingest logs from my cloud and SaaS tools?
    Yes. It ingests from AWS CloudTrail, Azure Activity + Entra ID, Google Workspace, Office 365 + Defender, Cloudflare, common firewalls (Fortinet, Palo Alto, pfSense), Okta, JumpCloud, Linux syslog, and Windows Event Forwarder — plus every MapleWorkSuite app. If a source can emit syslog or webhooks, it can land in MapleSIEM.
    How does alerting work in MapleSIEM?
    As events arrive, Sigma rules tag them and time-windowed correlation collapses noisy bursts into single alerts — for example, repeated failed logins from one IP, or a failed-then-privileged sign-in pattern. Alerts surface on the live SOC dashboard and go out by email. Every alert links back to the raw events so an analyst can verify rather than just trust it.
    How does MapleSIEM avoid alert fatigue?
    Time-windowed threshold and sequence rules collapse bursts into one alert instead of one per event — 18 raw events can become 3 alerts. Severity coloring, GeoIP and threat-intel enrichment, and MITRE tagging help you triage at a glance, and Business plans add case triage so a finding becomes one tracked case. The goal is fewer, higher-signal alerts, not a firehose.
    Can I get alerts by email?
    Yes. Email alerts are included on every plan, starting at Starter. Higher tiers add scheduled audit-report delivery by email as well, so you can have both real-time alerts and recurring compliance packages landing in your inbox.
    Can I write my own detection rules?
    Yes. MapleSIEM ships 25+ prebuilt MITRE-tagged rules, and you can add your own using the open Sigma standard — unlimited custom Sigma rules are included from the Pro plan up. Because they're standard Sigma, your detection logic isn't trapped in a proprietary format. Enterprise can also load custom MITRE detection packs.
    What kinds of threats can MapleSIEM detect?
    Out of the box it detects patterns like brute-force on authentication, impossible-travel sign-ins, privilege escalation, new admin account creation (T1136), suspicious mailbox-rule changes (T1114), and web path-traversal attempts (T1190). Each detection maps to a MITRE ATT&CK technique, and time-windowed correlation catches multi-step patterns a single log line would miss.
    What is Sigma and why does MapleSIEM use it?
    Sigma is an open, vendor-neutral standard for writing SIEM detection rules — think of it as portable detection logic. MapleSIEM uses Sigma so its 25+ prebuilt rules and your custom rules stay readable and portable, with no proprietary query language locking you in. If you've written Sigma elsewhere, it carries over.
    Does MapleSIEM help with SOC 2 compliance?
    Yes. MapleSIEM is PIPEDA + SOC 2 + ISO 27001-aligned by default, with continuous log collection, signed audit trails, and on-demand or scheduled audit reports mapped to those control frameworks. It produces the security-monitoring and log-retention evidence auditors ask for. Note: we provide the evidence and clean trails — we don't certify your business; your auditor does that.
    Can MapleSIEM support HIPAA / health-data requirements?
    MapleSIEM supports health-data-style compliance with PHIPA-mapped audit reports (available on Enterprise alongside ISO 27001), Canadian data residency, signed audit trails, and retention controls. It gives you the access-monitoring and log-retention evidence those frameworks expect. As with any framework, it provides the controls and evidence — formal certification is your auditor's call.
    Is MapleSIEM PIPEDA compliant and where does my data live?
    MapleSIEM is built around PIPEDA: 100% Canadian data residency, with every event, finding, and audit report stored inside Canadian datacenters and no replication to U.S. infrastructure. Retention controls and signed audit trails are PIPEDA-aligned by default. Data residency in Canada is the whole point of the product, not an add-on.
    What compliance reports can I export?
    You can generate printable and CSV audit reports mapped to PIPEDA, PHIPA, SOC 2, and ISO 27001 controls, plus a MITRE ATT&CK coverage heatmap. Reports run on demand or on a recurring schedule. Pro and above can have audit packages emailed automatically, so compliance evidence is always current.
    Is my data ever stored in the United States?
    No. MapleSIEM keeps 100% of your data in Canadian datacenters — every event, finding, and audit report — with no replication to U.S. infrastructure. That Canadian data residency is what makes it PIPEDA-, SOC 2-, and ISO 27001-aligned by default and a fit for organizations that can't let security data leave Canada.
    How long does MapleSIEM keep my logs?
    Hot retention scales by plan: 30 days on Starter, 90 days on Pro, 1 year on Business, and 3 years hot plus 7-year cold archive on Enterprise. Enterprise also supports per-tenant retention policies. Longer retention means you can investigate and prove what happened months after an incident, which is exactly what auditors and insurers want.
    Are there any per-GB or per-host fees?
    No. MapleSIEM is flat per-site pricing in CAD — no per-GB ingest meter and no per-host charges. You pick a plan based on events/day and retention, and that's the bill. This is the main pricing difference from Splunk and Elastic SIEM, where ingest volume or node count can make costs unpredictable.
    What is the external connector API add-on?
    The external connector API is a $50/mo add-on that lets you push events from systems outside the prebuilt parser set — your own apps, custom appliances, or in-house tooling — into MapleSIEM over the batch ingest API. It's for teams that need to wire up a source we don't parse out of the box without writing a full custom integration.
    Is billing in Canadian dollars?
    Yes. MapleSIEM is billed in CAD with no FX fees — Starter $49, Pro $99, Business $249, and Enterprise $499 per month per site. Competitors like Splunk and Elastic typically bill in USD, so for a Canadian business the CAD pricing avoids exchange-rate surprises on top of the flat per-site model.
    Is there a discount for charities or non-profits?
    Yes — a charity rate is available. Email support@mapleworksuite.com and we'll set it up. Pricing otherwise stays flat per site in CAD with no per-GB or per-host fees, and you can cancel any time.
    Do I have to sign an annual contract?
    No. MapleSIEM plans are month-to-month with no annual commitment required, and you can cancel any time. Pricing is flat per site in CAD, so you can start on Starter, prove value, and move up a tier only when your event volume or retention needs grow.
    How does MapleSIEM compare to Wazuh or self-hosting the ELK/Elastic stack?
    Wazuh and a self-hosted ELK/Elastic stack are free in license but cost you in operations — you run, scale, secure, and patch the infrastructure yourself, and you build the compliance reporting. MapleSIEM is fully managed and no-ops: Canadian-hosted, with Sigma detection, correlation, MITRE mapping, and audit reports built in. You trade DIY effort for a flat per-site fee and same-day setup.
    Why choose MapleSIEM over Datadog Security or Splunk?
    Three reasons buyers pick MapleSIEM: flat per-site CAD pricing instead of per-GB ingest or per-host metering, Canadian data residency instead of U.S.-hosted, and no query language to learn (open Sigma rules instead of SPL or KQL). It's the practical 80% of those platforms, preconfigured for SMB and mid-market workloads, without the SIEM tax.
    Does MapleSIEM integrate with the rest of MapleWorkSuite?
    Yes. Every MapleWorkSuite app reports into MapleSIEM automatically through a fail-soft event client, so you see security activity across your whole Maple stack in one Canadian SOC dashboard. It also ingests from your cloud, identity, firewall, and endpoint sources, so MapleSIEM becomes the single pane for all of it, not just the Maple apps.
    What roles and access controls does MapleSIEM offer?
    Enterprise includes Admin / Analyst / Viewer roles so you can give auditors or junior staff read-only access while analysts triage cases and admins manage rules and retention. Combined with per-tenant retention policies, this lets MSPs and larger teams separate duties cleanly across people and client sites.
    Is there a free plan for MapleSIEM?
    Yes. MapleSIEM offers a free account so you can start with no credit card and no commitment. Create your free account, explore the core features, and upgrade to a paid plan only when you need more volume or advanced capabilities.

    Ready to spin up a Canadian SOC in under an hour?

    Start ingesting logs, mapping MITRE detections, and exporting audit packages today. No credit card required for trial.