// artifact family
identity threat detection & response forensics
10 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- okta threat insight export forensic analyzer: drop okta threat insight export · parse actor + risk + event type · runs locally
- microsoft entra id protection export forensic analyzer: drop entra id protection export · parse user + risk level + detection · runs locally
- crowdstrike identity threat export forensic analyzer: drop crowdstrike identity export · parse account + anomaly + stage · runs locally
- sailpoint identity security export forensic analyzer: drop sailpoint identity security export · parse identity + risk score + policy · runs locally
- ping identity threat export forensic analyzer: drop ping identity threat export · parse user + risk event + source · runs locally
- identity credential stuffing burst detector: drop identity threat export · detect credential stuffing bursts · runs locally
- identity impossible travel anomaly detector: drop identity risk export · detect impossible travel patterns · runs locally
- identity privilege anomaly correlator: drop identity + iam exports · correlate risk to privilege change · runs locally
- multi itdr alert timeline correlator: drop 2+ itdr exports · unified identity risk timeline graph · runs locally
- cross itdr edr session correlator: drop itdr + edr exports · correlate identity alert to host session · runs locally