2009 11th IEEE International Conference on High Performance Computing and Communications
DOI: 10.1109/hpcc.2009.99
In this paper, a novel architecture for a streaming intrusion detection system for Grid computing environments is presented. Detection mechanisms based on traditional log files or single-host databases are replaced by a streaming database approach. The streaming architecture allows processing of temporal attack data across multiple sites and offers the potential for performance benefits in large-scale systems, since data is processed during its natural flow and only stored as long as necessary for analysis. Two cross-site example attacks in a Grid environment and the streaming detection logic for these attacks are presented to illustrate the approach. Experimental results of a prototypical implementation are presented.