Paste a raw log → get an AI-suggested KQL search, explained.
Paste a raw log line and get an AI-suggested Microsoft Sentinel search. The query uses your log's own fields — verify it in your environment before relying on it.
The KQL is AI-suggested — a starting point. It uses your log's own field names and a table name you confirm. Always verify before running it in production.
Nothing is stored or logged. Indicators (IPs — including internal ranges — domains, URLs, hashes, emails, CVE IDs, and usernames/hostnames in labeled fields) are detected on our server with deterministic pattern-matching before the model is called — no AI is used for that step. The full line is then sent to the AI model to build the KQL search and is not saved — there are no share URLs and no account is required.
A single syslog line, a Windows 4625 event, an Apache access line, a Cisco ASA deny, a JSON or CEF record. The format is detected automatically.
The model extracts the fields the log actually contains and builds a primary search plus broad and precise alternatives — grounded in those field names.
Run the included discovery query to list your real tables, confirm the guessed table, and validate the search before relying on it.
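As an added illustration of the steps above (example code written for this page, not the tool's own implementation), the Python sketch below runs the deterministic indicator step with plain regexes, then emits a discovery query plus broad and precise KQL shapes. The sample log line, the guessed table `CommonSecurityLog`, the field name `SourceIP` and the `union withsource` discovery query are assumptions to confirm in your own workspace.

```python
import re
from typing import Dict, List

# Constructed sample: an Apache-style access line, not real traffic.
SAMPLE_LOG = ('203.0.113.45 - - [10/Oct/2024:13:55:36 +0000] '
              '"GET /wp-login.php HTTP/1.1" 401 512 "-" "curl/8.4.0"')

# Deterministic indicator patterns, applied before any model call.
# SHA-256 is tried before MD5 so a 64-hex string is consumed whole.
PATTERNS = {
    "sha256": re.compile(r"\b[0-9a-fA-F]{64}\b"),
    "md5":    re.compile(r"\b[0-9a-fA-F]{32}\b"),
    "cve":    re.compile(r"\bCVE-\d{4}-\d{4,}\b"),
    "email":  re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "ipv4":   re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}

def extract_indicators(line: str) -> Dict[str, List[str]]:
    """Indicators found by regex only, deduplicated, first-seen order kept."""
    found: Dict[str, List[str]] = {}
    remaining = line
    for kind, rx in PATTERNS.items():
        hits = rx.findall(remaining)
        if hits:
            found[kind] = list(dict.fromkeys(hits))
            remaining = rx.sub(" ", remaining)  # stop a shorter pattern re-matching
    return found

def kql_literal(value: str) -> str:
    """Quote a value as a KQL string literal, escaping backslashes and quotes."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def build_kql(table: str, ip_field: str, indicators: Dict[str, List[str]]) -> Dict[str, str]:
    """`table` and `ip_field` are guesses (assumed here) that the analyst must confirm;
    the discovery query is how to confirm the table actually exists and holds rows."""
    ips = [kql_literal(ip) for ip in indicators.get("ipv4", [])]
    return {
        # Lists every table that currently holds rows, so the guessed name can be checked.
        "discovery": ("union withsource=TableName * "
                      "| summarize Count=count() by TableName | sort by Count desc"),
        # Broad: free-text search over all columns of the guessed table.
        "broad": f"search in ({table}) " + " or ".join(ips),
        # Precise: time-bounded and pinned to the confirmed field name.
        "precise": (f"{table} | where TimeGenerated > ago(24h) "
                    f"| where {ip_field} in ({', '.join(ips)}) "
                    f"| project TimeGenerated, {ip_field}"),
    }

if __name__ == "__main__":
    for name, q in build_kql("CommonSecurityLog", "SourceIP",
                             extract_indicators(SAMPLE_LOG)).items():
        print(f"{name}: {q}")
```

Run the discovery query first; if the guessed table is absent from its output, swap in one that is before trying the broad or precise searches.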
Same tool for Splunk: paste a raw log and get an AI-suggested SPL search, explained.
Check any IP, domain, hash, or URL extracted from your log against 14+ threat intelligence sources.
Browse the full set of free DFIR tools — IOC checks, domain lookups, phishing analysis, and more.
The DFIR Platform adds private enrichment, detection-rule management, and API access — results never leave your workspace. Free tier includes credits to get started.