// artifact family
email threat intelligence forensics
10 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- proofpoint tap threat feed forensic analyzerdrop proofpoint tap export · parse campaign + threat + url/hash · runs locally
- mimecast threat intelligence export forensic analyzerdrop mimecast ti export · parse indicator + category + action · runs locally
- microsoft defender threat intelligence email forensic analyzerdrop defender ti email export · parse actor + ioc + severity · runs locally
- recorded future email ioc export forensic analyzerdrop recorded future export · parse risk + entity + reference · runs locally
- anomali email threat export forensic analyzerdrop anomali threat export · parse indicator + source + confidence · runs locally
- cisco secure email threat forensic analyzerdrop cisco secure email ti export · parse outbreak + verdict + recipient · runs locally
- email ioc campaign cluster detectordrop 2+ email ti exports · cluster iocs by campaign fingerprint · runs locally
- email threat actor ttp correlatordrop email ti export · map indicators to mitre ttp tags · runs locally
- multi email threat intel timeline correlatordrop 2+ email ti exports · unified campaign timeline graph · runs locally
- cross email threat intel siem correlatordrop email ti + siem exports · correlate ioc to mailbox hits · runs locally