// artifact family
ztna / sase platform expansion forensics
10 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- cato sase audit log forensic analyzerdrop cato sase audit export · parse user + app + action · runs locally
- twingate access log forensic analyzerdrop twingate access export · parse resource + user + network · runs locally
- appgate sdp audit log forensic analyzerdrop appgate sdp audit export · parse session + entitlement + user · runs locally
- perimeter81 zero trust log forensic analyzerdrop perimeter 81 export · parse gateway + user + destination · runs locally
- forcepoint one sase log forensic analyzerdrop forcepoint one export · parse policy + user + url · runs locally
- ztna impossible travel access detectordrop ztna session export · detect impossible travel access patterns · runs locally
- ztna device posture bypass detectordrop ztna posture export · detect device posture bypass attempts · runs locally
- ztna privileged app access detectordrop ztna app export · detect privileged application access bursts · runs locally
- multi ztna session timeline correlatordrop 2+ ztna exports · unified zero-trust session timeline graph · runs locally
- cross ztna identity access correlatordrop ztna + iam exports · correlate app access to identity account · runs locally