
2026

BlendScope

BlendScope is a security investigation platform: the intelligence layer above the existing security stack that turns raw signals from multiple tools into a unified, investigable picture of system behavior.

The core insight is that security is a graph problem, not a log problem. BlendScope gives experienced analysts multiple perspectives, or Scopes, through which to reason about what actually happened.


Audience

Primary: Experienced SOC investigators, DFIR teams, and detection engineers

Secondary: Security leaders who need durable incident knowledge beyond dashboard views

My Role

UX/Product Designer - product strategy, IA, investigative workflows, graph/canvas interaction model, and prototype direction

Stack

React 19, Vite, TailwindCSS v4, Radix UI, Express, Recharts, custom canvas views, Wouter, Framer Motion

Integrations

Groq live; Elastic, Wazuh, LimaCharlie, Sigma, DFIR-IRIS, Intune, and Entra ID scaffolded or planned

Challenge

The Problem

Most SIEMs are optimized around ingestion, query speed, and alert volume. BlendScope is optimized around investigation cognition.

  • Attackers pivot across identity, endpoint, network, and cloud in ways no single tool sees
  • Rule-driven tools surface alerts but rarely explain system behavior
  • Investigation context is often lost between shifts, tickets, and browser tabs
  • Experienced analysts need lenses for reasoning, not another stream of conclusions

Objectives

Project Goals

  • Model the environment as entities, relationships, and events
  • Design Scopes that rearrange the same signals into useful investigative perspectives
  • Reduce cognitive load through signal-first defaults and progressive relationship reveal
  • Create a persistent canvas where investigation knowledge compounds over time

Screens

Product Screens

  • BlendScope home feed with investigation signals
  • BlendScope overview scope
  • BlendScope overview lower panel
  • BlendScope live map scope
  • BlendScope live map detail
  • BlendScope Gravity Well graph view
  • BlendScope Gravity Well with entity relationships
  • BlendScope AI assistant scope
  • BlendScope event timeline
  • BlendScope event timeline expanded

Approach

Design Process

  1. Positioning
    • Defined BlendScope as the OS above Elastic, Wazuh, LimaCharlie, and Sigma rather than a replacement for them
    • Framed the competitive gap against dashboard-first SIEM workflows
  2. Investigation Lenses
    • Designed core views around cognitive jobs: Home Feed, Gravity Well, Forensic Canvas, Timeline, Live Map, AI Assistant, tool pages, and All Alerts
    • Kept the philosophy explicit: signals to perspectives to human reasoning
  3. Gravity Well
    • Specified sequence mode, jump link explorer, organic clustering, outward link flow, and story mode
    • Used one-relationship-at-a-time reveal to prevent complex graph views from becoming noise
  4. Architecture
    • Established an Express proxy pattern so API credentials stay server-side
    • Normalized connected tool data into BlendScope's visual language while preserving tool-specific operational context

Results

Outcome & Vision

  • 8: Core investigative surfaces mapped
  • 1: Live AI integration with Groq / llama-3.3-70b
  • OS: Positioned as the investigation layer above the security stack