Claude AI  ·  MITRE ATT&CK  ·  SOC 2 · PCI DSS · HIPAA mapped automatically

Triage security threats
before they escalate

Drop any API or infrastructure log file. Get AI-powered threat intelligence, attack pattern detection, and step-by-step remediation — in under a minute.

50 log formats · <60s per analysis · MITRE ATT&CK mapped · SOC 2 · PCI DSS · HIPAA controls auto-mapped

50 log formats — auto-detected on upload

No configuration needed

Web & Proxy (5)
  • nginx / Apache
  • HAProxy
  • Traefik
  • + 2 more

Cloud IAM & SaaS (10)
  • Azure AD Sign-In
  • Okta System Log
  • GCP Cloud Audit
  • + 7 more

AWS Cloud (8)
  • CloudTrail
  • GuardDuty
  • VPC Flow Logs
  • + 5 more

Network Security (8)
  • Cisco ASA / FTD
  • Palo Alto PAN-OS
  • CEF (multi-vendor)
  • + 5 more

EDR & Endpoint (7)
  • CrowdStrike Falcon
  • SentinelOne
  • Microsoft Defender
  • + 4 more

IDS & SIEM (5)
  • Suricata EVE JSON
  • Zeek / Bro TSV
  • Snort alert_fast
  • + 2 more

Infrastructure & OS (3)
  • Syslog RFC 5424/3164
  • Linux auth.log
  • Kubernetes Audit

Databases & Generic (4)
  • MySQL Slow / Error
  • PostgreSQL CSV
  • Generic JSON / CSV
  • + 1 more

Everything you need to investigate a threat

From raw log bytes to actionable intelligence in one upload.

Deep Threat Intelligence

Every event enriched across 15 stages: GeoIP, ASN blocklists, AbuseIPDB, OTX pulses, GreyNoise noise classification, ThreatFox IOC lookup, MalwareBazaar sandbox, and confirmed IOCs from real-world SOC investigations.

AI-Powered Reports

Claude Sonnet generates full analyst narratives with evidence citations. Tiered routing: Sonnet for critical threats, Haiku for standard analysis, rule-based for low-risk. Prompt-injection hardened.

Attack Pattern Detection

Credential stuffing, API scraping, recon sweeps, brute force, and impossible travel — detected in one pass with MITRE ATT&CK techniques mapped per event across all 50 log formats.

50 Log Formats

Auto-detects every major source: nginx, Azure AD, CloudTrail, CrowdStrike, SentinelOne, Suricata, Cisco ASA, PAN-OS, FortiGate, Sysmon, Elastic ECS, Duo, Slack, GitHub Audit, and 36 more.

Auto Compliance Mapping

Every report auto-maps findings to SOC 2 CC6–CC7, PCI DSS 10.x, HIPAA § 164, NIST CSF DE.AE, and ISO 27001 A.12 controls — audit-ready evidence without extra work.

Built for regulated industries

Compliance evidence, auto-generated

Every threat report automatically maps findings to the controls your auditors need. No manual cross-referencing. No extra tools. Copy the evidence directly into your audit evidence pack.

SOC 2 CC6 · CC7
PCI DSS Req 10 · Req 12
HIPAA § 164.312
NIST CSF DE.AE · RS.AN
ISO 27001 A.12 · A.16

Per Finding

Each detected attack pattern maps to specific control IDs — e.g. credential stuffing → SOC 2 CC6.1 + PCI DSS 10.2.4

In Every Report

A dedicated compliance section lists triggered controls with references, ready to attach as audit evidence

Export Formats

Download as JSON, Markdown, CSV, or STIX 2.1 bundle — import directly into your GRC platform

How it works

Three steps from upload to remediation.

01

Upload

Drop any log file up to 100 MB. Format is auto-detected across 50 sources — nginx, CloudTrail, CrowdStrike, CEF, Suricata, and 45 more. No configuration needed.

02

Triage

Each event passes through a 15-stage enrichment pipeline: GeoIP, ASN, AbuseIPDB, OTX, GreyNoise, ThreatFox, sandbox hashes, MITRE mapping. Risk-scored 0–100. Sessions grouped. Patterns extracted.

03

Act

Get a full threat report: executive summary, technical narrative, IOC list, impacted users, prioritized remediation steps — plus auto-mapped compliance controls for SOC 2, PCI DSS, HIPAA, NIST CSF, and ISO 27001 audits. Evidence packaged, auditor-ready.

Simple, transparent pricing

Start free. Upgrade when your team needs more.

Free · $0 forever

  • 5 analyses / month
  • Up to 10 MB per file
  • Rule-based reports
  • All 50 log formats
  Get started free

Pro · $29 / month (Most popular)

  • 200 analyses / month
  • Up to 100 MB per file
  • AI reports (Claude Haiku)
  • Compliance mapping (SOC 2, PCI DSS, HIPAA)
  • API key access
  Start free trial

Team · $99 / month

  • 1,000 analyses / month
  • No file size limit
  • AI reports (Claude Sonnet)
  • Full compliance mapping + NIST CSF + ISO 27001
  • Audit-ready exports · Dedicated support
  Upgrade to Team

Need Enterprise?

SSO / SAML, white-labeled reports, custom integrations, and volume contracts — talk to sales.

Contact sales

REST API

Automate analysis via REST API

Every feature in the UI is available over HTTP. Upload logs, poll for results, and receive structured ThreatReport JSON — ready to pipe into your SIEM, ticketing system, or incident response workflow.

Authentication

All routes require Authorization: Bearer <token>. Your token is a Supabase JWT — get it programmatically via the Supabase SDK, or copy it directly from DevTools while logged in:

  1. Sign in → DevTools (F12) → Network tab
  2. Click any request → Headers
  3. Copy the value after Authorization: Bearer

Or generate a long-lived API key (ltk_…) in Settings → Integrations — no session renewal needed.

Open interactive API reference ↗

logtriage.sh:

  # 1 — upload a log file
  curl -s -X POST https://api.logtriage.app/analyze \
    -H "Authorization: Bearer $TOKEN" \
    -F "file=@nginx-access.log"
  # ↳ {"job_id":"f3a8c2d1","status":"pending"}

  # 2 — poll until complete
  curl -s https://api.logtriage.app/jobs/f3a8c2d1 \
    -H "Authorization: Bearer $TOKEN"
  # ↳ {"status":"complete","max_risk_score":87}

  # 3 — fetch the threat report
  curl -s https://api.logtriage.app/jobs/f3a8c2d1/report \
    -H "Authorization: Bearer $TOKEN"
  # ↳ {"severity":"HIGH","attack_pattern":"Credential Stuffing",
  #    "events_analyzed":342,"mitre_tactic":"Credential Access"}

Start triaging today

No setup. No agents. Drop a file, get a report.

Get started free →

No credit card required · 5 free analyses per month

About

Built by practitioners,
for practitioners

LogTriage was built to solve a problem we kept running into in incident response: too many log sources, not enough time, and no fast path from raw data to actionable intelligence.

Every threat detection rule, risk score weight, and IOC in the platform is sourced from real-world incident investigations — not synthetic datasets. The enrichment pipeline reflects what actually matters when you are triaging a live incident at 2 AM.

We support 50 log formats because security teams do not get to choose which sources an attacker touches. If your stack produces it, LogTriage can read it.

Threat intelligence

IOCs derived from confirmed true-positive Microsoft MDDR investigations — real attacker infrastructure, not blocklist copies.

AI analysis

Powered by Anthropic Claude. Model is selected per-job by risk level — Haiku for standard triage, Sonnet for high-severity incidents.

Compliance-first

Every report auto-maps to SOC 2, PCI DSS, HIPAA, NIST CSF, and ISO 27001 — so evidence collection is zero-effort.

Data privacy

Uploaded logs are processed ephemerally and auto-deleted after 7 days. We do not train on your data.

Get in touch

Talk to us

Questions about Team or Enterprise pricing, custom integrations, compliance requirements, or a volume discount for your SOC? We respond within one business day.

Prefer async? Open an issue on GitHub.