Stairwell is a SaaS-based search engine for file analysis and threat intelligence. It is designed to give threat intelligence, SOC, and incident response teams visibility into files present across their environment by indexing and analyzing artifacts at scale. Key capabilities include: - Hash and IOC lookups to determine if known malicious indicators exist in the environment - Hostname and IP address reputation and history lookups - Search for vulnerable files (e.g., Log4J) or unauthorized applications across enterprise endpoints - Malware variant discovery, including identifying related files and infection timelines - Continuous and private YARA rule analysis against files in the environment - AI-based triage verdicts that explain file behavior and characteristics - Prevalence analysis to determine how widely a file has been seen across devices - Threat report health checks to validate or rule out IOC presence - Negative confirmation — proving the absence of a known IOC or threat artifact Files and threat intelligence are stored in a private vault, isolated from external access, meaning adversaries cannot study the system. The platform is built for continuous, automated analysis without requiring endpoint-visible tooling. Stairwell is positioned as an alternative to log-based tools for answering forensic and investigative questions that traditional SIEMs or EDR platforms may not resolve quickly. It supports integration into SOC, SIEM, and SOAR workflows.