SIEM Query Template Library

Search and filter 30 SIEM query templates across QRadar AQL, Splunk SPL, and Microsoft Sentinel KQL.

[soc] [siem]
Category: SOC & Threat Intelligence

Abstract

SIEM Query Template Library is a client-side security and utility tool hosted on lab.johlem.net. It lets you search and filter 30 SIEM query templates across QRadar AQL, Splunk SPL, and Microsoft Sentinel KQL. All processing occurs entirely in the browser using standard Web APIs; no data is transmitted to any server, which makes the tool suitable for use with sensitive data in professional environments.

Architecture

1. Client-side processing

The tool runs entirely in the browser. All computations, parsing, encoding, and analysis are performed using JavaScript and the Web Crypto API where applicable. No server-side processing is involved, which means:

2. Zero dependencies

The implementation uses vanilla JavaScript with no external libraries or frameworks. This removes third-party JavaScript from the supply chain and ensures the tool remains functional without CDN availability. Font loading (Barlow Condensed, JetBrains Mono) is the only external resource.

3. Input handling

User input is processed through DOM APIs with proper escaping. Output is rendered using textContent or sanitised HTML construction to prevent XSS. Neither eval() nor innerHTML with unsanitised user data is used.
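
The sanitised HTML construction described above, sketched as an added example (not the tool's own code): a search filter that highlights matches while escaping both the search term and the query text, which itself contains characters such as > and ". The three templates and the function names filterTemplates, highlight and renderRow are assumptions constructed for illustration.

```javascript
// Constructed sample data: illustrative templates, not the tool's own library.
const TEMPLATES = [
  { platform: "Splunk SPL", title: "Failed logons by source",
    query: "index=auth action=failure | stats count by src_ip | where count > 20" },
  { platform: "Sentinel KQL", title: "Failed sign-ins by IP",
    query: 'SigninLogs | where ResultType != "0" | summarize count() by IPAddress' },
  { platform: "QRadar AQL", title: "Events per source IP",
    query: "SELECT sourceip, COUNT(*) AS n FROM events GROUP BY sourceip LAST 1 HOURS" },
];

const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => ENTITIES[c]);

// Case-insensitive substring filter over title and query text.
function filterTemplates(term, templates = TEMPLATES) {
  const t = term.trim().toLowerCase();
  if (!t) return templates;
  return templates.filter((x) =>
    x.title.toLowerCase().includes(t) || x.query.toLowerCase().includes(t));
}

// Highlight matches by splitting the RAW text first, then escaping each piece.
// Escaping first and searching afterwards would let a term such as "amp"
// match inside "&amp;" and corrupt the entity.
function highlight(text, term) {
  const t = term.trim().toLowerCase();
  const lower = text.toLowerCase();
  // Skip highlighting if case-folding changed string offsets (rare Unicode cases).
  if (!t || lower.length !== text.length) return escapeHtml(text);
  let out = "", i = 0, hit;
  while ((hit = lower.indexOf(t, i)) !== -1) {
    out += escapeHtml(text.slice(i, hit)) +
           "<mark>" + escapeHtml(text.slice(hit, hit + t.length)) + "</mark>";
    i = hit + t.length;
  }
  return out + escapeHtml(text.slice(i));
}

// The only markup in the result is the fixed <li>/<b>/<code>/<mark> skeleton;
// every data-derived character passes through escapeHtml.
function renderRow(tpl, term) {
  return `<li><b>${escapeHtml(tpl.platform)}</b> ${highlight(tpl.title, term)}` +
         `<code>${highlight(tpl.query, term)}</code></li>`;
}
```

Where no highlighting is needed, assigning the query to textContent avoids string-built HTML altogether.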

Privacy & Compliance

Stack & Tooling

Limitations