For too long, security teams have had to wrestle with custom query languages just to ask basic questions of their SIEM. During the critical moments of an incident – when every second matters – analysts shouldn’t be slowed down by remembering syntax or troubleshooting formatting errors. They need to focus on outcomes: finding threats, scoping incidents, and protecting the business.
Today, we’re excited to announce a major leap forward for our customers: AI for log search in Rapid7 Incident Command.
Query your SIEM like a human, not a robot
With this new capability, available now for all Rapid7 SIEM customers, analysts can use plain English to generate powerful log queries, with no prior Log Entry Query Language (LEQL) experience required. Just type what you want to find. Whether you’re a seasoned threat hunter or a junior analyst on your first incident, the barriers to entry are gone.
For example, analysts can now type requests in natural language that previously required a hand-written LEQL query:
“Find all denied connections to port 3389.”
“Show all outbound connections to China in the last 24 hours.”
“List all logins from France.”
Our embedded AI instantly translates your intent into a valid, ready-to-run query, surfacing the information you need with the accuracy and speed that today’s SOC demands. The analyst can immediately review, run, and iterate without ever switching mental gears from threat hunting to syntax troubleshooting.
Built for speed, clarity, and confidence
This is more than just a time saver; it’s a force multiplier for your team’s expertise:
Accelerate every investigation: No need to memorize log schemas or learn a query language under pressure.
Reduce errors: Our AI checks every generated query for valid syntax and sound semantics before you run it, eliminating frustration and guesswork.
Handle the complex with ease: Want to search for a list of suspicious IPs you’ve pasted in? Need to generate an ad-hoc regex for a rare field? Just ask, and the AI does the heavy lifting.
Understand exactly what’s happening: Every AI-generated or manually written query can be instantly explained in plain English, with a step-by-step breakdown of what the query will do. Go beyond transparency with built-in learning, collaboration, and troubleshooting for analysts at every level.
Learn by doing: Every AI-generated query doubles as a hands-on lesson in LEQL, helping analysts build intuition and confidence in the syntax as they explore and investigate in real time.
Designed for the realities of modern security teams
We know that incident response isn’t a solo act—it’s a team sport under pressure. That’s why we’ve designed AI for Log Search to empower everyone:
Junior analysts can contribute from day one.
Experienced hunters can move faster, iterate, and focus on finding patterns—not fixing typos.
The entire team benefits from explanations and knowledge sharing, breaking down barriers between experience levels.
Teams migrating from other platforms with their own query languages can become productive sooner.
You can refine queries conversationally, add context as you go, and let the AI adapt to the way you think, not the other way around.
Security, privacy, and responsible AI—by design
Rapid7 knows that trust is foundational when introducing AI into the heart of your security operations. That’s why our approach to AI-powered features is built around transparency, security, and customer control from day one. With AI for Log Search, no customer data is ever used to train our models; your queries and results always stay securely within your cloud boundary. Our AI is developed and governed according to leading industry standards, including the NIST AI Risk Management Framework and the Open Standard for Responsible AI, ensuring that every enhancement meets the highest expectations for privacy and accountability.
Just as importantly, these features are designed to be purely additive, not replacements for the tools and workflows your team relies on. Manual query editing remains fully available whenever you need it, and analysts can choose to use AI only when it makes sense for their work. Whether you’re exploring new capabilities or sticking with familiar methods, you remain in full control at every step.
Get started today
At Rapid7, we believe that security teams should spend less time fighting with tools and more time fighting threats. The future of SIEM search is here, and it’s built for the people on the front lines. By removing the barriers between analysts and data, we’re helping teams respond faster, work smarter, and stay one step ahead of what comes next.