// artifact family

edr / mdr / siem exports

27 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.

tools: 27 · catalog slugs: 27 · processing: local · in browser

tools in this family

ordered as in the forensics catalog. every tool runs locally — no upload, no account.

  1. crowdstrike falcon event export forensic analyzer: drop crowdstrike rtr / detections export json · parse processes + network + detections · runs locally
  2. crowdstrike rtr session forensic analyzer: drop crowdstrike rtr session log · parse responder commands + outputs · runs locally
  3. sentinelone deep visibility export forensic analyzer: drop sentinelone dv csv · parse process + file + url events · runs locally
  4. microsoft defender for endpoint export forensic analyzer: drop defender for endpoint hunting csv · parse devicelogonevents / deviceprocessevents / etc · runs locally
  5. microsoft defender for cloud alert forensic analyzer: drop azure defender for cloud alert json · parse alert + entity + impact · runs locally
  6. cortex xdr incident export forensic analyzer: drop cortex xdr incident json · parse alerts + investigations · runs locally
  7. carbon black cloud event export forensic analyzer: drop cb cloud event csv · parse process + network + watchlist hits · runs locally
  8. carbon black response edr export forensic analyzer: drop legacy cb response export · parse process tree + binary metadata · runs locally
  9. trend micro apex one export forensic analyzer: drop apex one event export · parse detections + policy actions · runs locally
  10. sophos central event forensic analyzer: drop sophos central event csv · parse threat + tamper-protection events · runs locally
  11. tanium question result forensic analyzer: drop tanium question export · parse endpoint sensor results · runs locally
  12. harfanglab edr export forensic analyzer: drop harfanglab event export · parse process + file + network · runs locally
  13. bitdefender gravityzone export forensic analyzer: drop bitdefender gravityzone event csv · runs locally
  14. eset protect export forensic analyzer: drop eset protect event log · runs locally
  15. splunk index search export forensic analyzer: drop splunk search csv / json export · parse + pivot indexed events · runs locally
  16. splunk savedsearch config forensic analyzer: drop splunk savedsearches.conf · parse alerts + thresholds + recipients · runs locally
  17. elastic ecs event log forensic analyzer: drop elastic ecs json export · parse normalized event schema · runs locally
  18. kibana saved query forensic analyzer: drop kibana saved query / dashboard export · parse search + filter usage · runs locally
  19. sumo logic search export forensic analyzer: drop sumo logic csv export · parse log lines + parser output · runs locally
  20. datadog log export forensic analyzer: drop datadog log export json · parse facets + service + host · runs locally
  21. datadog security signal forensic analyzer: drop datadog security signal export · parse detection rules + entities · runs locally
  22. graylog stream export forensic analyzer: drop graylog stream export json · parse message + extractor results · runs locally
  23. qradar offense export forensic analyzer: drop qradar offense export · parse magnitude + contributing events · runs locally
  24. logrhythm case export forensic analyzer: drop logrhythm case export · parse evidence items + analyst actions · runs locally
  25. rapid7 insightidr investigation forensic analyzer: drop insightidr investigation export · parse evidence + actor + timeline · runs locally
  26. arcsight correlation export forensic analyzer: drop arcsight cef event export · parse correlated events · runs locally
  27. chronicle google security event forensic analyzer: drop google chronicle udm export · parse normalized security events · runs locally