Glossary

Plain-language definitions of the log management, observability, and security terms you will see across LogPulse.

LPQL
LPQL (LogPulse Query Language) is a pipe-based query language for searching and aggregating logs. It compiles to optimized ClickHouse SQL, and LogPulse can also generate it from natural-language questions.

AI Investigator
The AI Investigator turns natural-language questions into LPQL, runs them, correlates deploys and threat intelligence, and proposes a likely root cause — showing every query so you can verify the answer.

Log management
Log management is the practice of collecting, storing, searching, and analyzing log data from across your systems in one place, so you can debug issues, monitor health, and meet retention and compliance needs.

Observability
Observability is the ability to understand a system's internal state from the data it emits — logs, metrics, and traces. In LogPulse, Service Intelligence adds a service-level view on top of your logs.

SIEM
SIEM (Security Information and Event Management) collects and correlates security-relevant events to detect, investigate, and report threats. LogPulse turns your existing logs into a risk-based SIEM on the same engine as search.

Agentic SOC
An agentic SOC uses AI agents that can reason, investigate, and propose actions across security data, instead of running fixed playbooks. In LogPulse, agents act behind a human approval gate.

Risk-based alerting
Risk-based alerting attributes every security signal to an entity (user, host, IP) and raises an alert on an accumulated risk score, instead of firing one alert per rule match. It sharply reduces alert noise.

Effective risk score
The effective risk score is LogPulse's single bounded 0–100 score per entity. It rewards attack breadth across MITRE stages, saturates repetitive noise, and decays over time, so one number drives promotion and triage.

Notable
A notable is a high-confidence finding worth an analyst's attention, raised when an entity's risk score crosses a threshold. In LogPulse each notable is AI-investigated and opens as a workspace with evidence and notes.
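The three entries above (risk-based alerting, effective risk score, notable) describe one mechanism: attribute signals to an entity, fold them into a single bounded score that saturates repeats, rewards breadth across ATT&CK stages and decays with age, then promote the entity when the score crosses a threshold. The Python below is an added illustration of that shape and is not LogPulse's own scoring code; the 24-hour half-life, the per-rule saturation rule, the 25% breadth bonus per extra tactic, the 0–100 curve and the threshold of 60 are all assumptions, and the events are constructed sample data.

```python
"""Toy entity-centric risk scoring (added example, not LogPulse's formula)."""
from __future__ import annotations

import math
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskEvent:
    entity: str       # user, host or IP the signal is attributed to
    rule: str         # detection rule that fired
    tactic: str       # ATT&CK tactic the rule is tagged with
    points: float     # base risk points for one match of this rule
    age_hours: float  # how long ago the event happened


HALF_LIFE_HOURS = 24.0    # assumption: risk halves every 24 h
NOTABLE_THRESHOLD = 60.0  # assumption: promote to a notable at 60
SCALE = 40.0              # assumption: shape of the raw -> 0..100 curve
BREADTH_BONUS = 0.25      # assumption: +25% per additional tactic seen


def decayed_points(ev: RiskEvent) -> float:
    """Exponential decay so stale signals stop driving triage."""
    return ev.points * 0.5 ** (ev.age_hours / HALF_LIFE_HOURS)


def saturated_rule_total(points: list[float]) -> float:
    """Diminishing returns for repeated matches of one rule: the k-th
    largest contribution counts points / (k + 1), so a rule that fires a
    thousand times cannot dominate the entity's score on its own."""
    return sum(p / (k + 1) for k, p in enumerate(sorted(points, reverse=True)))


def effective_risk_score(events: list[RiskEvent]) -> float:
    """Single bounded 0..100 score for the events of ONE entity."""
    per_rule: dict[str, list[float]] = defaultdict(list)
    tactics: set[str] = set()
    for ev in events:
        per_rule[ev.rule].append(decayed_points(ev))
        tactics.add(ev.tactic)
    raw = sum(saturated_rule_total(ps) for ps in per_rule.values())
    # Breadth: the same volume spread over several ATT&CK stages is more
    # suspicious than volume from a single stage.
    raw *= 1.0 + BREADTH_BONUS * max(0, len(tactics) - 1)
    # Saturating curve keeps the result inside 0..100.
    return round(100.0 * (1.0 - math.exp(-raw / SCALE)), 1)


def score_entities(events: list[RiskEvent]) -> dict[str, float]:
    """Group signals by entity and score each one."""
    by_entity: dict[str, list[RiskEvent]] = defaultdict(list)
    for ev in events:
        by_entity[ev.entity].append(ev)
    return {e: effective_risk_score(evs) for e, evs in by_entity.items()}


def notables(events: list[RiskEvent]) -> list[str]:
    """Entities whose score crossed the threshold: what an analyst sees."""
    scores = score_entities(events)
    return sorted(e for e, s in scores.items() if s >= NOTABLE_THRESHOLD)


# Constructed sample data: 56 raw signals, which per-rule alerting would
# turn into 56 alerts, but which describe only one entity worth a look.
SAMPLE_EVENTS: list[RiskEvent] = [
    # Noisy host: one brute-force rule firing 50 times in the last hour.
    *[RiskEvent("web-01", "failed_login_burst", "credential-access", 5.0, 1.0)
      for _ in range(50)],
    # One user with a few signals spanning four ATT&CK stages.
    RiskEvent("alice", "new_country_login", "initial-access", 15.0, 2.0),
    RiskEvent("alice", "suspicious_powershell", "execution", 20.0, 1.5),
    RiskEvent("alice", "new_admin_group_member", "privilege-escalation", 25.0, 1.0),
    RiskEvent("alice", "large_outbound_transfer", "exfiltration", 30.0, 0.5),
    # A stale signal from ten days ago: decay makes it negligible.
    RiskEvent("bob", "new_country_login", "initial-access", 15.0, 240.0),
]

if __name__ == "__main__":
    for entity, score in sorted(score_entities(SAMPLE_EVENTS).items()):
        print(f"{entity:8s} {score:5.1f}")
    print("notables:", notables(SAMPLE_EVENTS))
```

Running it scores web-01 in the low forties despite 50 rule matches, alice close to 100 from four signals across four stages, and bob near zero, so only alice becomes a notable. The decay and saturation constants are the levers a team would tune against its own data; the point of the structure is that triage is driven by one number per entity rather than by raw match counts.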
UEBA
UEBA (User and Entity Behavior Analytics) detects threats from behavioral anomalies — impossible travel, first-seen activity, volume spikes — rather than fixed signatures, and feeds the same risk model.

SOAR
SOAR (Security Orchestration, Automation and Response) automates response actions such as notifying, opening a ticket, blocking an IP, or disabling a user. In LogPulse, destructive actions run behind a human approval gate.

MITRE ATT&CK
MITRE ATT&CK is a public knowledge base of adversary tactics and techniques. LogPulse tags detections with ATT&CK tactics and techniques and shows a coverage heatmap so gaps are visible.

Threat intelligence
Threat intelligence is data about known-malicious indicators — IPs, domains, file hashes, network blocks. LogPulse enriches risk events with free IOC feeds and the Spamhaus DROP and ASN-DROP blocklists.

Model Context Protocol (MCP)
The Model Context Protocol (MCP) is an open standard that lets AI agents connect to external tools and data. LogPulse runs a remote MCP server so agents like Claude Code, Cursor, and Codex can query logs and security data.

Anomaly detection
Anomaly detection flags values that deviate from a learned baseline of normal behaviour, accounting for daily and weekly seasonality, to catch problems you cannot define with a fixed threshold in advance.

Service Intelligence
Service Intelligence groups entities and log sources into services, defines health as LPQL-based KPIs with thresholds, maps dependencies, and watches each KPI for anomalies — service-level observability on your logs.

NIS2
NIS2 is an EU directive that raises cybersecurity requirements for essential and important entities, including centralized logging, real-time monitoring, and fast incident reporting.

DORA
DORA (Digital Operational Resilience Act) is an EU regulation for the financial sector and its ICT providers, with strict requirements for ICT risk management, monitoring, and incident reporting.

Alert fatigue
Alert fatigue is the exhaustion and missed detections that result when a security team receives more alerts — many of them false positives — than it can meaningfully triage. Risk-based alerting is the structural fix.

MTTR
MTTR (Mean Time to Respond or Resolve) is the average time to detect, investigate, and resolve an incident. AI-assisted investigation and risk-based alerting are designed to bring it down.

ClickHouse
ClickHouse is an open-source columnar database built for fast analytical queries over very large datasets. LogPulse is built on ClickHouse, which is why search stays under 200 ms across billions of log entries.

OTLP (OpenTelemetry)
OTLP (OpenTelemetry Protocol) is the open standard for transmitting telemetry such as logs, metrics, and traces. LogPulse ingests logs natively over OTLP, so there is no proprietary forwarder lock-in.