Hypothesis-driven hunt planning for AI systems. Sharpen a suspicion, map it to ATLAS/ATT&CK, identify telemetry, draft queries, define success — export a hunt brief you can run.
Data leaves the browser only when you click an AI button. Each "Ask AI" call sends the relevant field text to Gemini via Firebase AI Logic — see the Privacy section below for what exactly is sent. Your work is saved locally in this browser; clear it via the trash icon in the stepper.
Hunt Plan
1. Hypothesis: What do you suspect?
2. Threat mapping: ATLAS & ATT&CK
3. Telemetry: Data needed
4. Queries: KQL / SPL stubs
5. Success criteria: Pass / fail
6. Export brief: JSON / Markdown
1. State the hypothesis
Describe what you suspect in plain English. AI will rewrite it as a testable, falsifiable hunt hypothesis (PEAK-style).
2. Map to ATLAS & ATT&CK
Get suggested MITRE ATLAS tactics (AI-specific) and classical ATT&CK techniques that this hypothesis would touch.
3. Telemetry needed
What logs and signals do you need to test the hypothesis? AI will list data sources, fields, and likely gaps.
4. Query stubs
AI drafts starter queries for the platforms you use. These are starting points — review, scope to your environment, and tune.
5. Define success
What would prove the hypothesis true? False? What's the next step in either case?
6. Export hunt brief
Bundle everything into a hunt brief you can drop into a wiki, ticket, or hand to a hunter.
Markdown brief
Human-readable, ready for Confluence / Notion / GitHub.
JSON brief
Machine-readable, for ingestion into a hunt tracker.