HOW IT WORKS

ANSWERS.
NOT ASSUMPTIONS.

Stairwell is a search engine for file analysis and threat intelligence, built to answer the hard questions log-based tools cannot answer quickly.

It gives threat intel, SOC, and incident response teams fast, defensible visibility into what is actually in your environment.

Just as important, Stairwell proves the negative. You can confirm both the presence and the absence of a known IOC or piece of threat intel.

IMMEDIATE ANSWERS

Answers to security, compliance, and IT questions. Fast.

PRIVATE BY DESIGN

Stored in a private vault. Your threat intelligence stays yours, and nobody else’s.

INVISIBLE TO ADVERSARIES

Attackers reverse engineer endpoint tools, but cannot study a SaaS system they cannot access.

ANSWERS FOR YOUR SECURITY TEAM. IN SECONDS.

| Stairwell Capability | Questions Stairwell answers in seconds |
| --- | --- |
| Hash lookup | Is this hash or file malicious? |
| IOC and hostname lookup | Threat intelligence sent some IOCs and hostnames; do we have any? Can I monitor in the future if any of them appear? |
| Search for vulnerable files | Does this vulnerable file (e.g. Log4J) exist in our enterprise? On which machines? |
| Search for unauthorised apps | Does this unauthorised app (BitTorrent, Gaming, Keygen) appear on any device in the enterprise? How would I know if a device was out of compliance? How do you find out-of-date software on your devices? |
| Security enrichment | What's the history and reputation of that IOC, IP address, hostname, YARA matches? |
| Variant discovery | Are there any variants of this malware in my enterprise? Which machines are affected? When did the malware first show up? |
| Run-to-ground | Are there any variants of variants in my environment? Any more files used in the infection campaign? |
| Run-to-ground timeline | When were we infected? What files are associated with this file? What happened before and after this file arrived? |
| Prevalence analysis | On how many machines have we seen that file? Is this file rare? |
| Continuous YARA rule analysis | Do files in my enterprise trigger any known shared YARA rules? |
| Private vault YARA rule analysis | Do files in my enterprise trigger any of our own YARA rules? |
| Threat report health check | Do we have IOCs from that new threat report in our environment? Are we certain that none of the IOCs are in our environment? |
| AI triage verdict | Is this file bad? What does this file do? What characteristics does this file have that are bad? |
| AI triage explanation | Can you educate me about why this file is bad, so I can triage the alert faster? Should I detonate this file in a sandbox? Can this file intelligence be integrated into my SOC/SIEM/SOAR workflow? |
| Threat hunting | How do I find if any of these IOCs are in my environment? |

ENGINEERED FOR PLANET-SCALE

Built by Google and intelligence veterans. Web-scale indexing, YARA at ludicrous speed, and structured AI reasoning turn raw artifacts into instant understanding across everything you’ve ever seen.