// soc investigation workflows

Same alert.
Two analysts.
Different conclusions.

Paste raw alert data and get instant browser-based triage — severity verdict, MITRE mapping, false-positive checks, and a ready-to-paste incident note. Optional AI handoff to ChatGPT or Claude for deeper investigation.

paste alert data instant browser triage optional AI handoff

[ Start Investigating ] Stay Updated

No signup required·Used by SOC analysts in 10+ countries·Built for real investigations

Tested by a SOC analyst
Built for real security tasks
Guided input, not random prompts
Works with ChatGPT, Claude & Gemini
Free to use

// how it works

From alert to verdict in minutes

[01]

Pick a workflow for your alert type

Select the workflow that matches what you're investigating — phishing, PowerShell, identity, network, ransomware, and more.

[02]

Get instant triage or follow the step-by-step guide

Paste your alert data for an instant browser-based verdict. Or use the structured manual workflow — what to check, what to decode, what to ask — the same way an experienced analyst would.

[03]

Reach a confident verdict faster

Produce a structured SOC summary with severity, MITRE mapping, IOCs, and recommended actions — ready to paste into your ticket or escalate.

// investigation workflows

Browse Workflows

Phishing Alert Triage AWS VPC Credential Dumping
workflow / investigation sequence
Phishing Email Investigation 🔥 most used ⚡ Instant Analyser
analyze email extract headers verify sender verdict
Beginner
SOC Alert Triage 🔥 most used ⚡ Instant Analyser
classify alert check context correlate prioritize
Beginner
Ransomware Triage New ⚡ Instant Analyser
detect indicators blast radius contain spread incident report
IR
AWS VPC Flow Log Analysis ⚡ Instant Analyser
pull flow logs filter anomalies map IPs verdict
Cloud
Credential Dumping New ⚡ Instant Analyser
identify tool check privileges review access logs verdict
Advanced
Suspicious PowerShell Investigation
decode command check parent process review execution verdict
Advanced
Identity Compromise Investigation
review login events check MFA correlate geo verdict
Advanced
Phishing URL Analysis
extract URLs detect indicators score & verdict block or clear
New ⚡ Instant Analyser
Windows Event Log Analysis
parse events detect patterns correlate chains triage & contain
New ⚡ Instant Analyser
Explain This Security Alert
parse alert map to MITRE assess severity recommend
Beginner

// faq

Common questions

> Do I need to sign up?
// No. Pick a workflow and start immediately. No account, no email, no friction.
> Is this for beginners or experts?
// Both. Junior analysts follow the steps to build confidence. Senior analysts use it to move faster and document better.
> How is this different from Google?
// Structured investigation workflows, not search results. Each one tells you exactly what to check and in what order — built around real SOC scenarios.
> Is it free?
// Yes, completely free. Always will be for defenders.

Built by a defender, for defenders.

SOC.Workflows started from a simple frustration — AI tools are powerful, but most security analysts don't know how to prompt them effectively for real investigation work.

These workflows are different. Each one is structured, step-by-step, and built around real SOC scenarios. Not generic prompts. Not marketing fluff. Just guided inputs that help you investigate faster and document better.

Currently free. Always will be for defenders.

Get in Touch

Questions, feedback, or just want to say hello — reach us at gauravkundu12@gmail.com

Stay updated

Stay Updated

Get notified when new workflows are added. No spam. Unsubscribe anytime.

Free forever New workflows monthly No spam

Get new workflows in your inbox

Stay updated when new SOC workflows drop. No spam, unsubscribe anytime.