fatcousin
// industry vertical

secrets manager / PAM forensics

AWS Secrets Manager · Azure Key Vault · GCP Secret Manager · Doppler · CyberArk PVWA · BeyondTrust · 1Password Connect · Bitwarden Secrets Manager · rotation failure correlation · cross-vault access overlap.

tools
12
priority
H
processing
local · in browser

start here · primary tools

ordered. work top-down. the first tool is the suggested entry point for this vertical.

  1. aws secrets manager access log forensic analyzerdrop aws secrets manager cloudtrail export · parse secret arn + caller + get/put timeline · runs locally
  2. azure key vault access audit forensic analyzerdrop azure key vault diagnostic export · parse key/secret operations + caller ip · runs locally
  3. cyberark privileged access session forensic analyzerdrop cyberark pvwa session export · parse safe + account + recording id · runs locally
  4. cross vault secret access correlatordrop 2+ vault/secret manager exports · correlate principal + secret name overlap · runs locally
  5. case report generatorfill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally

also useful · secondary tools

cross-cutting tools that surface depending on the specific investigation.

  1. gcp secret manager access log forensic analyzerdrop gcp secret manager audit export · parse secret version + accessor + iam principal · runs locally
  2. doppler secrets sync audit forensic analyzerdrop doppler audit log export · parse project + secret + sync target · runs locally
  3. beyondtrust password safe session forensic analyzerdrop beyondtrust session export · parse managed account + jump host + reason · runs locally
  4. one password connect audit log forensic analyzerdrop 1password connect audit export · parse vault + item + token client · runs locally
  5. bitwarden secrets manager audit forensic analyzerdrop bitwarden secrets manager audit export · parse project + secret + machine account · runs locally
  6. secrets rotation failure timeline correlatordrop rotation job log export · correlate failed rotations + stale secret use · runs locally
  7. evidence manifest generatordrop evidence files · compute md5 sha1 sha256 · chain of custody manifest · case number · analyst · export pdf and csv · runs locally

want deeper secrets / PAM coverage?

this vertical is intentionally sparse — deep-moat coverage grows over time. tracked in the forensics rollout.

ready