Security Information & Event Management

Free SIEM Tools for Detection Engineers & SOC Teams

From building detection logic to translating queries between platforms, assessing coverage gaps and checking regulatory compliance -- all free, all in your browser.


50+
Detection use cases
4
SIEM query languages supported
4
Regulatory frameworks mapped
13
MITRE tactics covered
Most comprehensive

SIEM Use Case Library

50+ detection use cases with pseudo-code alert logic, required data sources, MITRE ATT&CK mapping, false positive sources and tuning recommendations. Searchable and filterable by tactic and data source.

  • 50+ use cases across all 13 MITRE ATT&CK tactics
  • Detection logic in readable pseudo-code
  • False positive sources documented per use case
  • Specific tuning recommendations
  • Filter by tactic, data source, or keyword
Browse library

SIEM Query Translator

Translate detection queries between Splunk SPL, Microsoft Sentinel KQL, IBM QRadar AQL and Elastic EQL. Handles field filters, time ranges, aggregations and common SOC patterns. Five pre-built examples included for common detection scenarios.

Open translator

Data Source Coverage Matrix

Select which log sources are connected to your SIEM -- see which MITRE ATT&CK tactics you can and cannot detect, with percentage coverage per tactic and a prioritised list of which log source to add next for maximum coverage gain.

Check my coverage

Log Volume Estimator

Enter your environment size and get estimated daily log volumes per source type, total events per second, and indicative SIEM licence sizing across Splunk, Microsoft Sentinel, IBM QRadar and Elastic. Useful for procurement planning and new source onboarding justification.

Estimate volume

SIEM Compliance Coverage Checker

Select your regulatory framework (CERT-In Directions 2022, RBI CSCRF, ISO 27001, or DPDP Act 2023) and your connected log sources -- see which specific logging requirements are met, partially met, or gaps. India-specific frameworks fully mapped.

Check compliance

Sigma Rule Viewer & Explainer

Paste a Sigma YAML detection rule and get a human-readable card: what it detects, which log source it needs, what the condition logic means in plain English, MITRE mapping, false positives, and key output fields. Four pre-built examples included.

Open viewer

Building your detection engineering programme?

Start with the Coverage Matrix to find your blind spots, then use the Use Case Library to find detection logic for those gaps, and the Compliance Checker to prioritise by regulatory requirement.

Start here

We use cookies for basic site function and, where ads are enabled, for advertising personalisation. See our Privacy Policy.