---
title: "AI Investigator – Natural Language Threat Hunting with XDR"
id: "99307"
type: "page"
slug: "ai-investigator-natural-language-threat-hunting"
published_at: "2025-06-17T11:21:41+00:00"
modified_at: "2026-03-06T11:31:52+00:00"
url: "https://stellarcyber.ai/ai-investigator-natural-language-threat-hunting/"
markdown_url: "https://stellarcyber.ai/ai-investigator-natural-language-threat-hunting.md"
excerpt: "AI Investigator: Natural Language Threat Hunting at Machine Speed Ask. Investigate. Act. AI Investigator empowers your analysts to query your security data in plain English — no special syntax, no slow pivoting. Investigations that used to take hours now take..."
---

## **AI Investigator:** Natural Language Threat Hunting at Machine Speed

#### Ask. Investigate. Act.

AI Investigator empowers your analysts to query your security data in plain English — no special syntax, no slow pivoting. Investigations that used to take hours now take minutes.

[Request A Live Demo](https://stellarcyber.ai/request-a-demo/)

[Learn More](https://stellarcyber.ai/learn/ai-driven-security/)

## The Future of AI-powered Threat Investigation Is Here

AI Investigator, part of Stellar Cyber’s [Open XDR Platform](https://stellarcyber.ai/platform/what-is-open-xdr/), is a powerful early-access feature designed for analysts who want deeper insights without deeper complexity.

With AI Investigator, your team can:

## Ask security questions using natural language

Analysts can interact with the platform just like they would a teammate—no need for complex syntax or query logic.

## Automatically generate and run structured queries

AI Investigator translates plain English into precise, executable security queries—fast, accurate, and tailored to intent.

## Investigate across data from on-prem and cloud sources

Break down silos with seamless access to telemetry from across your hybrid infrastructure—all in one unified view.

## Accelerate MTTI with AI-powered investigation flows

Get step-by-step insights with suggested next steps, enriched context, and automated pivots—cutting investigation time from hours to minutes.

## Powerful Simplicity for Security Analysts

#### Using AI Investigator feels like chatting with a teammate — only faster, smarter, and always available.

**Human Language In, Structured Search Out** Enter prompts like:

*Show me all failed login attempts in the last 48 hours.*

## Full Visibility, Instant Access

## Network traffic

## Sysmon and Windows Event Logs

## Microsoft Entra ID sign-ins

## Office 365 Audit Trails

## EDR alerts from SentinelOne, Sophos, Trend Micro

## Firewall logs and more

Tenant-Aware by Design

Multi-tenant environments are fully supported — with strict access controls based on user role and scope.

## Built for Real-World Investigations

Whether you're responding to an alert or hunting for hidden threats, AI Investigator is your AI co-pilot.

Sample Investigation Flow

## Prompt

“Show me all outbound traffic from internal hosts in the last 7 days.”

## Follow-Up

“Which of these hit known malicious IPs?”

## Drill Down

“Who sent traffic to 173.118.163.197?”

Each step adds to a saved "Notebook" — preserving your investigation context and audit trail.

Results come with editable queries, time range controls, and interactive visualizations.

## Smart Querying Tips for Maximum Value

### Be Specific

Ask for “successful Windows logins,” not just “logins.”

### Use Follow-Ups Clearly

Start with “Following up on that...” for best results.

### Avoid Ambiguity

Always name the user or IP explicitly (e.g., “Show activity for jsmith@...”)

### Start Simple

Then layer on filters and refinement.

## Your Data Stays Secure

## No PII Sent

Only query structure and schema are sent to the AI model.

## Data Stays Local

All security records remain inside your Stellar Cyber environment.

## Anonymized Learning

Prompts and query structures are used to improve performance — without tying data to users or tenants.

## Ready to See It in Action?

Request a demo or enroll today to start asking smarter questions, getting better answers, and resolving threats faster.

[Request a Demo](https://stellarcyber.ai/request-a-demo/)

“Users can enhance their favorite EDR tools with full integration into an XDR platform.”

### Jon Oltsik

Senior Principal Analyst and ESG Fellow

“Stellar Cyber is the most cost-effective way to adopt AI and XDR”

### Erwin Eimers

CISO of Sumitomo Chemical

“Sportscar Performance XDR for a Family Sedan Budget!”

### Gartner Peer Insights

Director of IT

### 4.8

“The platform’s AI delivers a complete view of security events across our clients’ global infrastructure under one pane of glass”

### Todd Willoughby

Director of Security & Privacy at RSM US

“Stellar Cyber delivers built-in NDR, Next Gen SIEM and Automated Response”

### Rik Turner

Principal Analyst, Security and Technology

“Stellar Cyber reduced our analysis expenses and enabled us to kill threats far more quickly.”

### Central IT Department

University of Zurich

[For MSSPs](https://stellarcyber.ai/product/stellar-cyber-for-mssps/)

[For Enterprises](https://stellarcyber.ai/product/sc-enterprises/)

## It’s Your Turn to See. Know. Act.

Stellar Cyber unifies your stack, automates response, and connects you with trusted partners—giving you clarity, control, and measurable results.

[Request a Demo](https://stellarcyber.ai/request-a-demo/)

[Explore the Platform](https://stellarcyber.ai/platform/)

