// artifact family
siem platform forensics
10 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- splunk enterprise security notable export forensic analyzer: drop splunk es notable export · parse rule + urgency + owner · runs locally
- elastic security detection alert forensic analyzer: drop elastic security alert export · parse rule + host + severity · runs locally
- exabeam security analytics event forensic analyzer: drop exabeam event export · parse session + risk score + user · runs locally
- securonix sniper threat forensic analyzer: drop securonix threat export · parse policy + entity + risk · runs locally
- devo platform query export forensic analyzer: drop devo query export · parse alert + source + tag · runs locally
- siem rule suppression anomaly detector: drop siem rule config export · detect mass suppression changes · runs locally
- siem alert fatigue pattern detector: drop siem alert export · detect repetitive low-value alert storms · runs locally
- siem correlation rule change detector: drop siem rule audit export · detect unauthorized rule edits · runs locally
- multi siem incident timeline correlator: drop 2+ siem incident exports · unified alert timeline graph · runs locally
- cross siem identity alert correlator: drop siem + iam exports · correlate alert subject to active accounts · runs locally