Threat intelligence and hunting using various logs has evolved into a crucial component of remaining aware of the ever-changing threat landscape. Given the critical need to extract useful intelligence from logs, existing techniques either focus exclusively on isolated records, ignoring correlation and the overall threat scenario, or require significant effort to filter and correlate threat records. Additionally, searching for and matching threat behaviors in logs often involves non-trivial human query construction, impeding fast threat hunting. To address this gap, we present ThreatLand, a system that extracts highlevel intelligence and structured threat patterns from audit logs automatically. ThreatLand is composed of three components (1) A lightweight and accurate NLP pipeline that extracts structured meta-data from alert descriptions and generates a heterogeneous graph that depicts the entire threat scenario. (2) A query execution engine that is both fast and efficient, based on a graphical database. (3) A graphical user interface (GUI) that offers various sorts of interactivity to aid intelligence exploration.We have evaluated the ThreatLand over the dataset containing 9240 real-time EDR alerts collected for the threat events over an enterprise setup in the lab. As a result, ThreatLand presents high-level insights from the alert logs and extracts the valuable threat patterns.