SherLockLogs was inspired by the difficulty junior SOC analysts face when interpreting massive, cryptic security logs. The platform transforms raw logs into clear, human-readable incident narratives that explain what happened, when it happened, and why it matters.

Built with Python, FastAPI, the Gemini API, Retrieval Augmented Generation (FAISS/Chroma), and a React-based dashboard, SherLockLogs parses logs into structured events, detects attack patterns, and generates easy-to-understand timelines and explanations. By embedding the organization's Incident Response Playbook, it recommends company-specific response actions such as isolating systems or blocking malicious IPs.

Key challenges included handling noisy logs and preventing AI hallucinations. We delivered a system that reduces alert fatigue, accelerates response time, and helps junior analysts act with senior-level confidence, with future plans for real-time monitoring and SIEM integration.
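The parse-detect-recommend pipeline described above, as an added illustration that is not SherLockLogs' own code: it turns constructed sshd log lines into structured events, skips lines it cannot parse (the "noisy logs" problem), flags a failed-then-successful login burst from one source IP, and pairs the finding with a constructed stand-in for the embedded playbook.

```python
# Added illustration, not SherLockLogs' own code: raw auth log -> structured
# events -> pattern detection -> playbook action. All data below is constructed.
import re
from collections import defaultdict
from datetime import datetime
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) "
    r"password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)
# Constructed sample: four failures then a success from one IP, plus benign noise.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z web01 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 4010 ssh2
2024-05-01T10:00:03Z web01 sshd[812]: Failed password for root from 203.0.113.7 port 4011 ssh2
2024-05-01T10:00:05Z web01 sshd[812]: Failed password for root from 203.0.113.7 port 4012 ssh2
2024-05-01T10:00:07Z web01 sshd[812]: Failed password for root from 203.0.113.7 port 4013 ssh2
2024-05-01T10:00:12Z web01 sshd[812]: Accepted password for root from 203.0.113.7 port 4015 ssh2
2024-05-01T10:00:13Z web01 systemd[1]: Started Session 42 of user alice.
2024-05-01T10:01:00Z web01 sshd[900]: Accepted password for alice from 198.51.100.5 port 5000 ssh2
"""
# Constructed stand-in for the embedded IR playbook: pattern -> recommended action.
PLAYBOOK = {"ssh_bruteforce_success": "isolate the host and block the source IP"}

def parse_events(raw):
    """Parse lines into structured events; unmatched lines are treated as noise and skipped."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
            events.append(ev)
    return events

def detect_bruteforce(events, threshold=4, window_s=60):
    """Flag an IP with >= threshold failed logins followed by a success within window_s seconds."""
    failures, findings = defaultdict(list), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] == "Failed":
            failures[ev["ip"]].append(ev["ts"])
        else:
            recent = [t for t in failures[ev["ip"]] if (ev["ts"] - t).total_seconds() <= window_s]
            if len(recent) >= threshold:
                findings.append({"pattern": "ssh_bruteforce_success", "ip": ev["ip"], "user": ev["user"],
                                 "host": ev["host"], "first_seen": recent[0], "last_seen": ev["ts"]})
    return findings

def narrate(findings):
    """Turn each finding into an analyst-readable line that ends with the playbook action."""
    return [f"{f['first_seen']:%H:%M:%S}-{f['last_seen']:%H:%M:%S} {f['ip']} brute-forced {f['user']}@{f['host']} "
            f"and got in; recommended: {PLAYBOOK[f['pattern']]}." for f in findings]
```

Running `narrate(detect_bruteforce(parse_events(SAMPLE_LOG)))` yields one timeline line naming the source IP, the compromised account and the playbook action; the systemd line is dropped as noise rather than breaking the parse.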
