ThreatPal
AI security intelligence, layered on your existing SIEM.
A retrieval-grounded intelligence layer that sits on top of your existing SIEM. Twelve months of telemetry become queryable in natural language — raw logs never leave your perimeter.
Who this is for.
Enterprise teams with a specific domain problem — not consumer or hobbyist use.
Capabilities that earn their place.
Natural-language investigation
Ask in Bahasa or English. Get a timeline, a lateral-movement graph, and MITRE-mapped findings with the underlying evidence.
Dual-persona output
CISO mode produces executive-grade reports. Ops mode supports technical investigation workflows. Same data, different audience.
Non-invasive by design
Sits on top of Wazuh or equivalent. Raw logs never leave your perimeter — only processed embeddings flow through the pipeline.
Threat enrichment built-in
Every finding is cross-referenced against VirusTotal and AbuseIPDB. MITRE ATT&CK T-codes attached automatically.
A look at the surface.
A schematic redraw of ThreatPal at work — not a marketing render, not a screenshot. A legible trace of what the real surface does.
What separates ThreatPal.
Raw logs stay inside
Security telemetry never leaves your infrastructure. Only processed embeddings and enrichment flow through the pipeline.
Bahasa-first reasoning
Analysts investigate in Indonesian if they prefer, with outputs rendered in whatever language the reader needs.
MITRE-mapped by default
Every finding ships with T-codes — T1071, T1078, T1204 — so your runbook hooks right in.
Every ThreatPal capability, callable from any agent.
Plug Claude Desktop, your in-house copilot, or our own rafiq-agent into the endpoint below. Tools appear automatically — schema, types, descriptions, auth.
See the MCP catalog → (investigations · reports · enrichment · graphs · findings)
Non-invasive ingestion · Tiered language models · VirusTotal & AbuseIPDB enrichment · MITRE ATT&CK mapping
Request a deployment conversation.
We scope, pilot, and deploy ThreatPal with teams across Indonesia.