# Quick Start
AttackTrace works best when you start from a real security signal: an alert, IOC, account, host, cloud event, or investigation hypothesis.
The basic flow mirrors the one shown on the product homepage:
- Connect data sources.
- Ask and pivot with natural language.
- Explain the attack path from evidence.
- Report and reuse the investigation context.
## Prerequisites
| Item | Details |
|---|---|
| Operating system | macOS 12+, Windows 10+, Ubuntu 20.04+ |
| Network | Access to AttackTrace Hub and any data sources you choose to connect |
| Account | An AttackTrace account, invite, or organization-provided access |
| Evidence sources | SIEMs, IOCs, cloud logs, telemetry, internal tools, private APIs, or MCP servers as needed |
## First 10 minutes
- Log in to AttackTrace Hub.
- Open the chat workspace.
- Describe the alert, IOC, account, or hypothesis in natural language.
- Let AttackTrace run the next useful checks across available evidence.
- Review the evidence, confidence, pivots, and report-ready summary.
Example first prompt:

```text
We received a SIEM alert involving IP 185.220.101.1.
Check available threat intelligence, explain what evidence supports the verdict,
and list the next pivots I should run before escalation.
```
## What works first
- Ask natural-language investigation questions.
- Preserve useful context in memory.
- Draft report-ready case summaries.
- Use built-in threat intelligence where available.
## What improves with connected evidence
- SIEM or log search.
- Cloud account investigation.
- Ticketing or knowledge-base actions.
- Internal tools, private APIs, and custom MCP servers.
- Customer-selected third-party connectors.
## Next steps
- Download — Get the installer for your platform.
- Installation — Complete setup and first login.
- First conversation — Ask and pivot from a security signal.
- Integrations — Connect your existing stack.