Hunt EVTX logs with lineage and rarity to expose real threats.
Copy the install command and let the AI configure it · recommended for beginners
No copy-paste install info for "SigmaLineage MCP" yet — see the docs or source repo.
Analyze these Windows EVTX security logs, trace process lineage after the suspicious login event, use rarity baselining to find anomalous execution, lateral movement, and privilege escalation, and summarize the key threats in timeline order.
A timeline-based kill chain analysis highlighting suspicious processes, abnormal parent-child relationships, rare behaviors, and high-risk alerts.
Perform contextual correlation on the EVTX logs behind these security alerts, use process lineage and historical rarity baselines to separate false positives from real threats, and explain the reasoning for each high-risk event.
A de-noised list of high-priority events with threat rationale and recommended response priority.
Inspect the EVTX logs from these endpoints, establish a baseline of common process behavior, identify rare command executions, script launches, and parent-child process combinations, and explain which patterns most likely indicate intrusion activity.
A summary of anomalous behavior listing the most suspicious rare patterns, affected hosts, and recommended next investigation steps.
Investigate threats and respond to incidents across security data with natural language.
Retrieve normalized OpenCTI threat intelligence with context for indicators, actors, and reports.
Perform static taint analysis on Python code to detect security vulnerabilities.
Query threat intelligence and trace incidents for faster security triage automation.
Analyze security incidents, map ATT&CK tactics, score severity, and suggest remediation.
Search and analyze Sentry issues, events, and traces using natural language.