LogLens

LogLens is a web app (with optional desktop agent) that sits on top of your existing SIEM and log sources and turns messy alert floods into a short, evidence-backed incident narrative. It ingests alerts via APIs (Splunk, Microsoft Sentinel, Elastic) and pulls the surrounding context (related events, user/device history, recent changes, threat intel hits). An AI layer clusters duplicates, highlights the few signals that actually matter, and generates a plain-English “why this fired” explanation plus recommended next checks. It does not replace your SIEM; it reduces time wasted pivoting across dashboards and writing incident notes. The MVP focuses on a narrow set of common detections (impossible travel, suspicious PowerShell, MFA fatigue, new admin role) and produces consistent triage outputs: severity, confidence, supporting log lines, and a one-click export to your ticketing system.