Turn Natural Language into Sentinel KQL Queries
Empower your security analysts with AI-assisted query generation for Microsoft Sentinel
Why KQL Query?
Instant Query Generation
Describe what you're looking for in plain English, and get production-ready KQL queries in seconds.
AI-Powered Explanations
Understand how each query works with clear, human-readable explanations of the KQL logic.
Security-Focused
Built specifically for Microsoft Sentinel with knowledge of SecurityEvent, SigninLogs, and common security tables.
Fast & Simple
No complex syntax to memorize. Perfect for junior analysts and threat hunters who need results quickly.
Reduce Your Sentinel Total Cost of Ownership
| Cost Area | Challenge | How KQL Query Helps | Typical Savings |
|---|---|---|---|
| Ingestion & Retention | Teams ingest and retain redundant data from unused sources. | Analyses query patterns to identify unused tables and noisy logs, guiding data reduction and retention policies. | ↓ 5–15% |
| Query Execution | Overly broad or inefficient KQL scans inflate compute and time costs. | AI generates lean, optimised queries that scan smaller datasets and focus on relevant time windows. | ↓ 10–30% |
| Analyst & DBA Time | Writing and debugging KQL is slow, inconsistent, and specialist work. | Enables anyone to query like an expert, freeing senior analysts from routine query support. | ↓ 15–25% |
Result: Up to 25% lower Sentinel TCO and faster incident response.
How It Works
Describe Your Query
Tell us what you're looking for in natural language
Get KQL Query
Receive a validated, production-ready KQL query
Understand & Use
Read the explanation and run it in your Sentinel workspace
Coming in Phase 2
🔐 Microsoft Entra ID Login
Secure authentication with your Microsoft account
🔗 Sentinel API Integration
Execute queries directly from the app
📚 Query Library
Save and share queries with your team
💼 Pro Features
Unlimited queries and advanced capabilities
Ready to Transform Your KQL Workflow?
Start generating queries in seconds