From building detection logic to translating queries between platforms, assessing coverage gaps and checking regulatory compliance -- all free, all in your browser.
50+ detection use cases with pseudo-code alert logic, required data sources, MITRE ATT&CK mapping, false positive sources and tuning recommendations. Searchable and filterable by tactic and data source.
Translate detection queries between Splunk SPL, Microsoft Sentinel KQL, IBM QRadar AQL and Elastic EQL. Handles field filters, time ranges, aggregations and common SOC patterns. Five pre-built examples included for common detection scenarios.
Open translatorSelect which log sources are connected to your SIEM -- see which MITRE ATT&CK tactics you can and cannot detect, with percentage coverage per tactic and a prioritised list of which log source to add next for maximum coverage gain.
Check my coverageEnter your environment size and get estimated daily log volumes per source type, total events per second, and indicative SIEM licence sizing across Splunk, Microsoft Sentinel, IBM QRadar and Elastic. Useful for procurement planning and new source onboarding justification.
Estimate volumeSelect your regulatory framework (CERT-In Directions 2022, RBI CSCRF, ISO 27001, or DPDP Act 2023) and your connected log sources -- see which specific logging requirements are met, partially met, or gaps. India-specific frameworks fully mapped.
Check compliancePaste a Sigma YAML detection rule and get a human-readable card: what it detects, which log source it needs, what the condition logic means in plain English, MITRE mapping, false positives, and key output fields. Four pre-built examples included.
Open viewerStart with the Coverage Matrix to find your blind spots, then use the Use Case Library to find detection logic for those gaps, and the Compliance Checker to prioritise by regulatory requirement.