Loading…
Paste raw log lines — Sysmon / Windows Security / syslog / JSON-line / key=value. Each line is auto-detected, parsed into a structured record, and tagged with MITRE ATT&CK techniques where heuristics fire. Hunting queries are generated for Splunk SPL, Elastic KQL, and Microsoft Sentinel KQL.
Pure client-side. Nothing leaves your browser. MITRE tagging is conservative — only fires on confident matches (Sysmon EID + cmdline pattern, Security 4625, etc). Treat this as a triage starting point.