Show HN: Cloud-agnostic SIEM that uses a natural language query layer (github.com)

🤖 AI Summary
Mantissa Log is an open-source, cloud-native SIEM toolkit that combines commodity cloud primitives with LLM-powered analysis to deliver enterprise-grade detection, alerting, and log interrogation at a fraction of commercial pricing. It targets startups and mid-size security teams, promises "free forever" software, and estimates an equivalent run cost of roughly $30k/year on AWS, GCP, or Azure against $150k+ vendor bills.

The project emphasizes multi-cloud portability: Sigma rules are auto-converted to Athena SQL, BigQuery SQL, or Synapse T-SQL, so you "write once, run anywhere," and you can import 2,000+ community rules from SigmaHQ alongside 90+ pre-built MITRE-mapped detections. Technically, it assembles cloud building blocks (S3/GCS/Blob storage, Athena/BigQuery/Synapse, Lambda/Cloud Functions/Azure Functions) behind a React web UI and an API gateway, with modular engines for LLM queries, detection, and alert routing.

LLMs power three features: NL-to-SQL conversational queries over logs; LLM-enriched alerts (5W1H summaries, behavioral context, deviation from a 30-day baseline, detection explainers, recommended actions); and a coming "self-learning detection engineer" that tunes rules and creates Jira tickets. It supports many data sources (CloudTrail, Okta, CrowdStrike, Slack, Snowflake, Kubernetes, etc.), integrates with Slack, Jira, and PagerDuty, enforces PII redaction, provides a cost estimate per scheduled detection, and deploys via Terraform and simple scripts. Notably, it excludes dashboards, case management, SOAR, and on-prem sources, focusing on transparent, cloud-native, AI-augmented detection without vendor lock-in.
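The Sigma-to-SQL conversion the summary describes, shown as an added illustration rather than Mantissa Log's own translator (the repo's converter is not on this page): a toy translator for a small Sigma subset that emits Athena (Trino), BigQuery, and Synapse T-SQL from one rule, making explicit what actually differs per engine: identifier quoting, how a single quote is escaped inside a string literal, whether the literal itself interprets backslashes, and the "last N hours" time-window syntax. The rule, the flattened column names, and the table names are constructed for the example. The practitioner check it bakes in: 2,000+ community rules are untrusted input to a query generator, so field names are validated and values are escaped as literals rather than spliced into SQL.

```python
"""Toy Sigma-to-SQL translator (added example, not Mantissa Log's code).

Handles a small Sigma subset: a `selection` map, an optional `filter` map,
list values (OR), the |contains/|startswith/|endswith modifiers, * and ?
wildcards, and the conditions 'selection' / 'selection and not filter'.
"""
import re

# Constructed rule, already parsed from Sigma YAML into a dict. A real
# pipeline would load the YAML (e.g. with PyYAML); skipped so this runs offline.
# Column names assume a flattened CloudTrail table (constructed schema).
RULE = {
    "title": "Console login without MFA (constructed example)",
    "logsource": {"product": "aws", "service": "cloudtrail"},
    "detection": {
        "selection": {"eventName": "ConsoleLogin", "mfaUsed": "No"},
        "filter": {"userType|contains": ["AssumedRole", "Root"]},
        "condition": "selection and not filter",
    },
}

# What differs per engine: identifier quoting, escaping of a single quote
# inside a string literal, whether the literal interprets backslashes
# (BigQuery does; Trino/Athena and T-SQL do not), and the syntax for
# "events in the last N hours". Table names are assumptions.
BACKENDS = {
    "athena": {
        "ident": lambda s: f'"{s}"',
        "table": '"cloudtrail"',
        "squote": "''",
        "backslash_in_literal": False,
        "since": lambda col, h: f"{col} >= now() - interval '{h}' hour",
    },
    "bigquery": {
        "ident": lambda s: f"`{s}`",
        "table": "`logs.cloudtrail`",
        "squote": "\\'",
        "backslash_in_literal": True,
        "since": lambda col, h: f"{col} >= TIMESTAMP_SUB(CURRENT_TIMESTAMP(), INTERVAL {h} HOUR)",
    },
    "synapse": {
        "ident": lambda s: f"[{s}]",
        "table": "[dbo].[cloudtrail]",
        "squote": "''",
        "backslash_in_literal": False,
        "since": lambda col, h: f"{col} >= DATEADD(hour, -{h}, SYSUTCDATETIME())",
    },
}

IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
LIKE_MODS = ("contains", "startswith", "endswith")


def matcher(field: str, value: str, be: dict) -> str:
    """Translate one Sigma field/value pair into a backend-specific predicate."""
    name, _, modifier = field.partition("|")
    if not IDENT_RE.match(name):
        # Field names come from the rule, so validate rather than splice.
        raise ValueError(f"unsafe field name in rule: {name!r}")
    if modifier and modifier not in LIKE_MODS:
        raise ValueError(f"modifier not supported by this toy: {modifier!r}")
    col = f"lower({be['ident'](name)})"   # Sigma matches case-insensitively
    v = value.lower()
    use_like = modifier in LIKE_MODS or "*" in v or "?" in v
    if use_like:
        # Escape the engine's own wildcards first, then map Sigma's * and ?.
        v = v.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
        v = v.replace("*", "%").replace("?", "_")
        v = {"contains": f"%{v}%", "startswith": f"{v}%", "endswith": f"%{v}"}.get(modifier, v)
    if be["backslash_in_literal"]:
        v = v.replace("\\", "\\\\")
    v = v.replace("'", be["squote"])      # a rule value can never close the literal
    lit = f"'{v}'"
    if not use_like:
        return f"{col} = {lit}"
    esc = "" if be["backslash_in_literal"] else " ESCAPE '\\'"
    return f"{col} LIKE {lit}{esc}"


def section(spec: dict, be: dict) -> str:
    """AND together a Sigma map; a list value becomes a parenthesized OR group."""
    parts = []
    for field, value in spec.items():
        values = value if isinstance(value, list) else [value]
        ors = [matcher(field, str(v), be) for v in values]
        parts.append(ors[0] if len(ors) == 1 else "(" + " OR ".join(ors) + ")")
    return " AND ".join(parts)


def sigma_to_sql(rule: dict, backend: str, lookback_hours: int = 24,
                 time_col: str = "eventTime") -> str:
    """Render a rule for one backend; the same rule yields three dialects."""
    be = BACKENDS[backend]
    det = rule["detection"]
    cond = det["condition"].strip()
    where = section(det["selection"], be)
    if cond == "selection and not filter":
        where += f" AND NOT ({section(det['filter'], be)})"
    elif cond != "selection":
        raise ValueError(f"condition not supported by this toy: {cond!r}")
    if not IDENT_RE.match(time_col):
        raise ValueError(f"unsafe time column: {time_col!r}")
    window = be["since"](be["ident"](time_col), int(lookback_hours))
    return f"SELECT * FROM {be['table']} WHERE {where} AND {window}"


if __name__ == "__main__":
    for name in BACKENDS:
        print(f"-- {name}\n{sigma_to_sql(RULE, name)}\n")
```

Running it prints the same detection in three dialects. Two details are worth carrying into any real converter: the value escaping is per backend (BigQuery string literals consume backslashes, so a `\_` LIKE escape must be written `\\_` there, while Trino and T-SQL need an explicit `ESCAPE` clause), and a value such as `x' OR 1=1 --` arriving from a community rule must land inside the literal, not outside it.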