// artifact family
casb / cloud app security forensics
10 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- zscaler casb cloud app log forensic analyzerdrop zscaler casb log export · parse app + activity + policy · runs locally
- microsoft defender cloud apps alert forensic analyzerdrop defender cloud apps alert export · parse app + user + risk · runs locally
- forcepoint casb activity log forensic analyzerdrop forcepoint casb export · parse cloud app + action + user · runs locally
- bitglass casb audit log forensic analyzerdrop bitglass audit export · parse app + dlp + session · runs locally
- mcafee mvision cloud activity log forensic analyzerdrop mvision cloud export · parse app + event + policy · runs locally
- casb shadow it app detectordrop casb app discovery export · detect unsanctioned cloud apps · runs locally
- casb oauth token abuse detectordrop casb oauth grant export · detect excessive scope grants · runs locally
- casb cloud download anomaly detectordrop casb download log export · detect bulk exfiltration bursts · runs locally
- multi casb saas activity correlatordrop 2+ casb activity exports · unified saas timeline graph · runs locally
- cross casb identity cloud app correlatordrop casb + iam exports · correlate cloud app user to account · runs locally