// artifact family
soar / incident orchestration forensics
10 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- cortex xsoar incident war room forensic analyzer · drop xsoar incident json export · parse war room entries + task timeline + owner · runs locally
- splunk soar playbook run forensic analyzer · drop splunk soar container/run export · parse playbook blocks + action results · runs locally
- swimlane case timeline forensic analyzer · drop swimlane case export · parse record events + automation + assignee · runs locally
- torq automation run log forensic analyzer · drop torq workflow run export · parse step status + integration calls · runs locally
- servicenow security incident response forensic analyzer · drop servicenow secops incident export · parse tasks + cmdb links + state · runs locally
- pagerduty incident bridge forensic analyzer · drop pagerduty incident + bridge export · parse responder timeline + conference events · runs locally
- xsoar indicator ledger forensic extractor · drop xsoar indicator export · parse reputation + relationships + expiration · runs locally
- incident response playbook deviation detector · drop soar playbook run export · detect skipped steps + manual overrides · runs locally
- soar enrichment action forensic analyzer · drop soar enrichment task export · parse vendor queries + hit counts · runs locally
- multi soar playbook correlation tool · drop 2+ soar run exports · correlate incident id + shared indicators · runs locally