// artifact family
kubernetes runtime security forensics
10 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- falco runtime alert forensic analyzer: drop falco alert export · parse rule + pod + syscall · runs locally
- cilium hubble flow log forensic analyzer: drop hubble flow export · parse source + destination + verdict · runs locally
- tetragon ebpf event log forensic analyzer: drop tetragon event export · parse process + policy + action · runs locally
- calico network policy audit forensic analyzer: drop calico audit export · parse policy + endpoint + action · runs locally
- kyverno policy violation forensic analyzer: drop kyverno violation export · parse policy + resource + result · runs locally
- opa gatekeeper constraint violation forensic analyzer: drop gatekeeper violation export · parse constraint + kind + message · runs locally
- k8s runtime privilege escalation detector: drop k8s runtime log export · detect privilege escalation in pods · runs locally
- k8s pod exec anomaly detector: drop k8s exec audit export · detect suspicious kubectl exec bursts · runs locally
- multi k8s runtime timeline correlator: drop 2+ k8s runtime exports · unified cluster timeline graph · runs locally
- cross k8s runtime network correlator: drop runtime + network flow exports · correlate pod to flow/session · runs locally