VEL
Threat Hunter's Workbench
The end-to-end threat hunting platform that centralizes every phase of a hunt — from hypothesis creation through evidence collection, multi-source query federation, team collaboration, and executive reporting — across all your existing data sources.
For Security Leaders
Finally — visibility into what your team is actually doing.
Security leaders have historically had to take their team's word for program health. Hunt outcomes lived in spreadsheets. Coverage gaps were invisible. ROI was a guess. Vel changes that — without adding overhead to your hunters.
Real-Time Hunt Visibility
See every active hunt, its current status, assigned analysts, and evidence collected — in real time. No status meetings required.
ATT&CK Coverage Dashboard
Know exactly which tactics and techniques your team has hunted — and which remain uncovered. Make resourcing decisions with data, not intuition.
True Positive Ratio & ROI
Track confirmed findings, validated hypotheses, and hunt-to-detection conversion. Finally, a number you can bring to the board.
Board-Ready Reporting
One-click export to PDF and Markdown. Hunt outcomes, coverage trends, and team metrics — formatted for executive audiences, not just analysts.
Before Vel
- ✕ Hunt outcomes lived in personal notes and Slack threads
- ✕ ATT&CK coverage gaps invisible until after an incident
- ✕ Program ROI impossible to quantify or defend
- ✕ No way to know if hunters were duplicating effort
With Vel
- ◆ Every hunt tracked, timestamped, and evidenced in one place
- ◆ Live ATT&CK heatmap showing exactly what's been hunted
- ◆ True positive ratios and coverage trends always available
- ◆ Shared playbooks prevent duplicated effort across the team
Core Capabilities
Everything a hunt needs. Nothing it doesn't.
Hypothesis Engine
Structured lifecycle management — draft → active → validated → archived. Every hypothesis MITRE ATT&CK tagged and cross-linked to evidence.
ATT&CK Mapped
Evidence Management
Secure artifact storage with chain-of-custody tracking, integrity hashing, annotation, and timeline visualization. Every finding preserved.
Chain of Custody
Hunt Lifecycle
Full orchestration from hypothesis to conclusion. Team assignment, collaboration, timelines, and outcome documentation in one Kanban view.
Kanban View
Query Federation
Unified query executor across all connected sources. Intent translation, deduplication, and cached history — from one workspace.
Multi-Source
Knowledge Graph
Relationship mapping across hunts, evidence, TTPs, and entities. Surface patterns and correlations your team would otherwise miss.
OCSF Compliant
Playbook Library
Convert any completed hunt into a versioned, reusable playbook. Searchable, forkable, and MITRE-linked. Institutional knowledge, preserved.
Versioned
Team Collaboration
Role-based access (Hunter, Lead, Admin), @mentions, evidence commenting, and real-time hunt status shared across the entire team.
RBAC
Executive Reporting
ATT&CK coverage heatmaps, true positive ratios, team performance metrics, and one-click export. Reports built for boardrooms, not just analysts.
Board-Ready
Detection Automation
Lightweight detection runner that auto-generates hypotheses from confirmed signals — Kerberoasting, LOLBins, DCSync, and more out of the box.
Phase 3
Development Roadmap
Where we are. Where we're going.
The foundational event pipeline is operational and verified end-to-end. Raw telemetry flows in, normalised and indexed, ready for the workbench to query.
All backend services powering the workbench are being built — authentication, hunt management, evidence tracking, and unified multi-source querying.
The primary analyst interface — active hunt views, an integrated query workspace, and a full evidence viewer with annotation and timeline.
ATT&CK coverage heatmap, hunt outcome metrics, team performance visibility, and one-click export for executive reporting.
Reusable hunt playbooks, relationship mapping across hunts and findings, global search, and real-time team collaboration.
Additional data source connectors, automated hypothesis generation from confirmed signals, performance tuning, and general availability release.
Limited Early Access
Be one of the first teams to hunt with Vel.
We're onboarding a select cohort of threat hunting teams to shape the product before public launch. Founding user pricing locked in.