LURELIT

▸ Don't take the bait.

Agentic phishing analysis, powered by Elastic.

Upload screenshots of suspicious messages. Lurelit analyzes them with AI vision, enriches IOCs, and hunts your environment — all orchestrated by Elastic Workflows.

View on GitHub Documentation →

Elastic Workflows

workflow.live

exec_id wf_x39d_2026

01 › INGEST screenshot.png received · 1.4 MB

02 ›

// How it works

Three steps to a verdict.

▸ upload ▸ analyze ▸ verdict

STEP 01

Upload

Drop a screenshot of a suspicious message — SMS, email, or chat.

STEP 02

Analyze

Lurelit enriches IOCs, classifies threats, and hunts your environment.

STEP 03

Verdict

Get a full report with confidence scores, attack chains, and recommendations.

// Capabilities

Everything you need to investigate.

From the first pixel of a screenshot to a fully-enriched, hunt-corroborated verdict.

AI Vision Analysis

Claude Opus 4.7 deconstructs screenshots, identifying social engineering tactics and brand impersonation.

IOC Enrichment

Automatic reputation checks via VirusTotal and urlscan.io for every extracted URL and domain.

Automated Threat Hunting

ES|QL queries hunt across your Elastic data for related indicators and prior sightings.

Human-in-the-Loop

Ambiguous verdicts pause for analyst approval before finalizing — keeping humans in control.

Cost Tracking

Per-analysis cost breakdown tracks token usage and API calls with full transparency.

Bulk Upload

Drag and drop multiple screenshots for batch processing with parallel execution.

Real-time Progress

Live workflow timeline shows every step as it executes, with streaming status updates.

History & Analytics

Full analysis history with search, filtering, and aggregate metrics across investigations.

// See it in action

From screenshot to verdict.

Watch Lurelit analyze, enrich, and hunt — step by step.

See it in action →

Run Lurelit in your stack.

Self-hosted and built on Elastic Workflows. Clone the repo, plug in your keys, and start lighting up lures.

Clone the repo Read the docs →