Use Cases

How specific attacks show up in specific log formats, and how LogTriage detects each one — grounded in the same parsers and scoring logic the product actually runs.

Microsoft 365 Unified Audit Log Business Email Compromise

Detecting Business Email Compromise in Microsoft 365 Audit Logs

CrowdStrike Falcon C2 Beaconing

Detecting C2 Beaconing in CrowdStrike Falcon Telemetry

Azure AD Sign-In Logs Credential Stuffing

Detecting Credential Stuffing / Brute Force in Azure AD Sign-In Logs

nginx / Apache Credential Stuffing

Detecting Credential Stuffing in nginx Access Logs

Okta System Log Credential Stuffing

Detecting Credential Stuffing in Okta System Logs

AWS CloudTrail IAM Privilege Escalation

Detecting IAM Privilege Escalation in AWS CloudTrail

Azure AD Sign-In Logs Impossible Travel

Detecting Impossible Travel in Azure AD Sign-In Logs

Azure AD Sign-In Logs MFA Bypass

Detecting MFA Bypass in Azure AD Sign-In Logs

AWS VPC Flow Logs Port Scanning

Detecting Port Scanning in AWS VPC Flow Logs

nginx / Apache Reconnaissance Sweep

Detecting Reconnaissance Sweeps in nginx Logs

Kubernetes Audit Log Secret Exfiltration

Detecting Secret Exfiltration in Kubernetes Audit Logs

nginx / Apache Data Exfiltration

Detecting SQL Injection and Data Exfiltration in nginx Logs