A Vyrux Group Product
ThreatLens identifies the gaps in your detection rules.

What it checks
Five issues that quietly undermine a detection program.
Broken rules
Empty queries and rules that have been disabled with no owner responsible for restoring them.
Poorly-written rules
Unscoped searches, missing time bounds, and deprecated query syntax.
Missing metadata
No severity assigned, no MITRE ATT&CK mapping.
Duplicate rules
Two rules running byte-identical queries against the same data.
Coverage gaps
A log source registered with the platform that no rule actually references.
Built for your SIEM
Two platforms, one engine.
Splunk
Ships as a Splunk app: a modular input that runs on stdlib Python, with no pip installs required on the search head. Findings are written to a dedicated index with a Dashboard, Rules, Alerts, and Analysis view built in.
Microsoft Sentinel
Deploys as an ARM template comprising a Python Function App, a Data Collection Rule, and a custom workspace table, along with three Workbooks covering rule quality, rule inventory, and alert-firing trends.

Why it exists
Developed to replace manual, repeated checks.
ThreatLens originated from Vyrux Group's Cybersecurity practice, specifically from security operations optimization engagements where the same rule health issues kept appearing in client environments. Rather than checking for them manually on every engagement, we built tooling that checks continuously.
Get early access