Convert security logs to MITRE timelines
Upload your incident logs and get automatic MITRE ATT&CK technique mapping, interactive timelines, and compliance-ready PDF reports.
Drop your log file here
or click to browse — CSV, JSON, TXT, LOG · max 15 MB
Auto Mapping
120+ MITRE patterns
Timeline
Visual kill chain
PDF Reports
Compliance-ready
Raw logs (syslog, CEF, CSV, JSON) are ingested line-by-line and normalised into structured events with a timestamp, source, and description.
120+ compiled regex patterns are tested against each event description. Patterns cover keywords like powershell, mimikatz, psexec, and more.
A matched pattern carries the ATT&CK technique ID (e.g. T1059), subtechnique, and tactic (e.g. Execution) — all assigned directly to that event.
Confidence is weighted by tactic severity — Initial Access and Credential Access score highest (1.0 / 0.95), Discovery lowest (0.85).