AttackTrace
AI-Native SOC Investigation Workspace
AttackTrace connects SIEM, cloud logs, threat intelligence, and internal tools so analysts can triage alerts, follow evidence, reconstruct attack paths, and close cases faster with explainable AI.
The workspace keeps tools, evidence, memory, and reports together. Built-in threat intelligence helps with the first pivots, while optional integrations connect your existing stack when an investigation needs environment-specific evidence.
What analysts use it for
- Incident response: Move quickly from an urgent alert to scoped impact, likely root cause, and a handoff-ready case.
- Threat hunting: Turn hypotheses into repeatable investigations across infrastructure, identity, cloud, and telemetry.
- Alert triage: Reduce noisy queues by turning raw signals into verdict drafts, next steps, and escalation context.
- Report and reuse: Generate structured investigation reports and preserve useful memory for future cases in the same environment.
Typical investigation flow
```mermaid
flowchart LR
    alert[Security signal] --> prompt[Describe alert or IOC]
    prompt --> sources[Connected data sources]
    sources --> evidence[Evidence and pivots]
    evidence --> path[Attack path explanation]
    path --> report[Report and reusable memory]
```
AttackTrace is designed to support the analyst workflow. AI output should be reviewed against evidence before action.
Quick navigation
| I want to... | Go to |
|---|---|
| Start my first investigation | Quick Start → |
| Ask and pivot in chat | First Conversation → |
| Understand integrations | Integrations → |
| Configure models | Model Config → |
| Manage account and subscription | Account & Subscription → |
| Troubleshoot issues | Troubleshooting → |