LogLatch
LogLatch is a web app (with optional Slack/Teams integration) that monitors authentication events across common identity providers and flags suspicious access in plain language. Instead of trying to be a full SIEM, it focuses narrowly on the highest-frequency breach entry point: account takeover. Connect Microsoft Entra ID (Azure AD), Google Workspace, Okta, and popular VPN/SSO logs, then get prioritized alerts for impossible travel, atypical device fingerprints, new MFA enrollments, token abuse signals, and admin role changes. The product includes a lightweight investigation view (who, what, where, when), one-click containment playbooks (force sign-out, reset password, revoke sessions, require MFA re-check), and an audit-ready incident timeline. It’s realistic for small security teams because it reduces noise and avoids complex log pipelines. Pricing is per active user or per tenant, targeting SMB and mid-market organizations that can’t justify SIEM overhead.