Key Features
Natural Language Investigations
Ask questions in plain English. SoCMate investigates across your SIEM data and returns structured reports with risk scores, IOCs, and MITRE ATT&CK mappings.
Knowledge Graph
Every investigation enriches a persistent knowledge graph of security entities — IPs, users, hosts, domains — and their relationships. Discover connections across investigations.
Scheduled Investigations
Set up recurring investigations that run on a schedule. Monitor for brute-force patterns, suspicious sign-ins, or anomalous network activity automatically.
Persona-Aware Reports
Get reports tailored to your role. SOC analysts receive technical IOCs and MITRE mappings. CISOs receive executive summaries and business impact assessments.
Real-Time Streaming
Watch investigations unfold in real time. See each stage of the analysis as it happens.
Incident Sync
Automatically sync incidents from your SIEM, enrich them with notes, tags, and assignments, and launch investigations directly from an incident.
How It Works
- Ask a question — “Investigate IP 203.0.113.50 for malicious activity”
- SoCMate investigates — Automatically queries your SIEM, extracts entities, and analyzes findings
- Get a report — Structured results with risk scores, affected entities, IOCs, MITRE mappings, and recommendations
Who Is SoCMate For?
- SOC Analysts who need to investigate security incidents faster with natural language
- Security Engineers who want to automate recurring investigation patterns
- CISOs and Security Leaders who need executive-level visibility into security posture
- Security teams looking to integrate AI-powered investigation into their SOAR workflows via API
Next Steps
Quickstart
Log in, run your first investigation, and explore the platform.
API Reference
Integrate SoCMate into your workflows with the REST API.
