Welcome to mlab.sh !
You can now upload your files or search for something using the search bar above.
Search in mlab.sh
Or upload a file to analyse
By searching or submitting files, you agree to our Terms of Service and Privacy Policy.
How mlab works
A structured investigation workflow designed for real-world security operations.
Collect signals
Start from raw signals such as IP addresses, domains, hashes or files. These inputs typically originate from alerts, logs, detections, user reports or threat intelligence feeds.
Analyze & enrich
mlab automatically analyzes the provided inputs using dedicated tools and enrichment sources, extracting metadata, relationships and contextual information needed for investigation.
Correlate & investigate
Results are correlated across indicators and tools to reveal patterns, infrastructure reuse and relationships that are difficult to see when working with isolated datasets.
Review structured results
All outputs are presented in a consistent, human-readable format. Tool results remain transparent, reproducible and easy to interpret, supporting fast triage and confident validation.
Decide & act
Use the collected context to make informed decisions: escalate incidents, block infrastructure, enrich detections, or document findings for reporting and post-incident analysis.
This workflow mirrors how security teams operate during real investigations - from raw indicators to contextualized intelligence - without rigid steps, hidden logic or black-box scoring.
Designed for security professionals
"mlab helps our security teams centralize investigations, reduce manual correlation work, and focus on what actually matters. It fits naturally into existing workflows without adding noise."
- Security Operations Lead
French multinational corporation
SOC analysts
Quickly triage alerts, investigate indicators, and validate threats with structured and enriched data.
Incident responders
Correlate domains, IPs and files during active incidents to accelerate containment and response.
Blue teams
Support detection engineering, investigations and post-incident analysis with reliable signals.
Security researchers
Explore infrastructure, indicators and relationships without black-box abstractions.
Security & privacy first
mlab is built with security-by-design principles and strict data protection practices. Every component of the platform is designed to minimize exposure, control access, and ensure responsible data handling.
Controlled data access
Uploaded files, searches and analysis results are private by default and never exposed publicly unless explicitly intended.
Secure processing
All analyses are performed within controlled environments with strict isolation, monitoring and auditability.
Data retention & compliance
Data retention is limited, purpose-driven and aligned with GDPR and European regulatory requirements.
Infrastructure & hosting
The platform is operated on European infrastructure with security-focused providers and strong operational controls.
Start exploring mlab
Create a free account or start analyzing data right now.