LogSift

LogSift is a web app (with an optional lightweight desktop agent) for small security teams that are drowning in alerts but have neither a SIEM budget nor the expertise to tune one. It ingests cloud audit logs and endpoint events, automatically clusters repetitive “benign noise”, and highlights genuinely unusual sequences: new admin actions, impossible-travel patterns, privilege-escalation chains, suspicious OAuth consent grants, and mass file access. It is a hybrid of a traditional and an AI app: rules and detections are transparent and editable, while an AI layer summarizes incidents, proposes a likely root cause, and suggests next steps, each linked to the exact log lines so an analyst can verify the claim rather than trust it. The pitch is realistic: it will not replace a full SOC, but it can cut triage time and reduce missed incidents for SMBs and mid-market IT teams. Pricing is per endpoint/workload with capped ingestion, so there are no surprise bills.
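To make the detection side of the pitch concrete, here is an added example (not LogSift's code, which is not shown on this page) in Python that runs the two core ideas over constructed audit events: cluster repetitive benign noise by template frequency in a baseline window, then flag an admin action a user has never taken before and an impossible-travel pair of logins, with every finding pointing back at its log line numbers. The event schema (`ts`, `user`, `action`, `resource`, `lat`, `lon`, `admin`, `line`), the 900 km/h speed bound and the threshold of five repeats are assumptions made for the example, as are the sample events themselves.

```python
"""Added example, not LogSift's code: noise clustering plus two sequence
detections (new admin action, impossible travel) over constructed events.

Field names (ts, user, action, resource, lat, lon, admin, line) are an
assumed schema for this example, not a real audit-log format.
"""
import re
from collections import Counter
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900      # assumed bound: faster than this between logins is "impossible travel"
NOISE_THRESHOLD = 5      # assumed: a template recurring this often in the baseline is benign noise
_DIGITS = re.compile(r"\d+")


def template(event):
    """Reduce an event to a cluster key: the action plus its resource with numbers masked."""
    return f"{event['action']} {_DIGITS.sub('<n>', event.get('resource', ''))}".strip()


def cluster_noise(baseline):
    """Return (counts, noise): template frequencies and the set that recurs often enough to suppress."""
    counts = Counter(template(e) for e in baseline)
    noise = {t for t, n in counts.items() if n >= NOISE_THRESHOLD}
    return counts, noise


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def impossible_travel(events):
    """Flag consecutive logins by the same user whose implied speed exceeds MAX_SPEED_KMH."""
    logins = sorted((e for e in events if e["action"] == "ConsoleLogin" and "lat" in e),
                    key=lambda e: (e["user"], e["ts"]))
    alerts = []
    for prev, cur in zip(logins, logins[1:]):
        if prev["user"] != cur["user"]:
            continue
        delta = datetime.fromisoformat(cur["ts"]) - datetime.fromisoformat(prev["ts"])
        hours = delta.total_seconds() / 3600
        km = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
        # Same timestamp from two distinct places is also impossible; guard the division.
        if km > 0 and (hours == 0 or km / hours > MAX_SPEED_KMH):
            alerts.append({"user": cur["user"], "km": round(km), "hours": hours,
                           "lines": [prev["line"], cur["line"]]})
    return alerts


def new_admin_actions(baseline, recent):
    """Admin actions in the recent window that the same user never performed in the baseline."""
    seen = {(e["user"], e["action"]) for e in baseline if e.get("admin")}
    return [e for e in recent if e.get("admin") and (e["user"], e["action"]) not in seen]


def triage(baseline, recent):
    """Split recent events into suppressed noise and findings; a line a finding cites is never suppressed."""
    _, noise = cluster_noise(baseline)
    travel = impossible_travel(recent)
    admin = new_admin_actions(baseline, recent)
    referenced = {ln for a in travel for ln in a["lines"]} | {e["line"] for e in admin}
    suppressed = [e["line"] for e in recent if template(e) in noise and e["line"] not in referenced]
    return {
        "suppressed_noise_lines": suppressed,
        "impossible_travel": travel,
        "new_admin_actions": [(e["user"], e["action"], e["line"]) for e in admin],
    }


def _ev(line, ts, user, action, resource="", lat=None, lon=None, admin=False):
    """Build one constructed event record."""
    e = {"line": line, "ts": ts, "user": user, "action": action, "resource": resource, "admin": admin}
    if lat is not None:
        e["lat"], e["lon"] = lat, lon
    return e


LONDON, SYDNEY = (51.5074, -0.1278), (-33.8688, 151.2093)
NYC, BOSTON = (40.7128, -74.0060), (42.3601, -71.0589)

# Constructed baseline (a quiet prior week): routine London logins, routine object reads, one admin action by bob.
BASELINE = (
    [_ev(i, f"2024-02-2{i}T08:00:00", "alice", "ConsoleLogin", lat=LONDON[0], lon=LONDON[1]) for i in range(1, 6)]
    + [_ev(10 + i, f"2024-02-2{i}T09:00:00", "alice", "GetObject", f"reports/bucket-{i}") for i in range(1, 6)]
    + [_ev(20, "2024-02-22T10:00:00", "bob", "CreateUser", "svc-deploy", admin=True)]
)

# Constructed recent window: alice "travels" London -> Sydney in an hour and attaches an admin policy.
RECENT = [
    _ev(101, "2024-03-01T08:00:00", "alice", "ConsoleLogin", lat=LONDON[0], lon=LONDON[1]),
    _ev(102, "2024-03-01T08:05:00", "alice", "GetObject", "reports/bucket-42"),
    _ev(103, "2024-03-01T09:00:00", "alice", "ConsoleLogin", lat=SYDNEY[0], lon=SYDNEY[1]),
    _ev(104, "2024-03-01T09:10:00", "alice", "AttachUserPolicy", "AdministratorAccess", admin=True),
    _ev(105, "2024-03-01T09:00:00", "bob", "ConsoleLogin", lat=NYC[0], lon=NYC[1]),
    _ev(106, "2024-03-01T13:00:00", "bob", "ConsoleLogin", lat=BOSTON[0], lon=BOSTON[1]),
    _ev(107, "2024-03-01T13:30:00", "bob", "CreateUser", "svc-backup", admin=True),
]

if __name__ == "__main__":
    for key, value in triage(BASELINE, RECENT).items():
        print(key, value)
```

Two design choices matter here. Noise suppression is computed after the sequence detections, so a login that a finding cites (alice's London login at line 101) is never hidden even though plain logins are the most repetitive template in the baseline; that is the kind of transparency the pitch promises, since an analyst can always follow a finding back to its evidence. Bob's New York to Boston logins four hours apart pass the speed check, showing that the detection is about implied velocity rather than "any location change".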
