SecTracev2 · preview
Cross-vendor journey reconstruction

Answers in 3 clicks
what a user has done
across all your infra.

Cross-cloud, cross-region, cross-vendor. Every login, every access decision, every cloud API call — unified on one timeline per actor. The question your CTO asks on Monday: reconstructed in seconds, not three weeks.

No credit card. Preview access is granted per organization.

dashboard.sectrace.cloud/journey
actor: ismael@ncn
Timeline · Jun 15 · 10:00 – 10:201 anomaly
  1. 10:12:04Madrid, ES
    Entra ID · sign-in
  2. 10:12:07MAD1
    Cloudflare · WARP tunnel
  3. 10:14:22eu-west-1
    AWS · console.login
  4. 10:14:59us-central1
    GCP · storage.objects.get
  5. 10:15:18
    GitHub · repo.clone (private)
ZTNA break — actor did not pass through Cloudflare before GCP call.

Ingests from every major identity, cloud & edge

Entra IDOktaAWSAzureGCPCloudflareGitHubSnowflakeDatadogEntra IDOktaAWSAzureGCPCloudflareGitHubSnowflakeDatadog
3
clicks to reconstruct a journey
90d
of actor history, live queryable
8+
cloud & identity vendors unified
< 5s
from question to timeline

What SecTrace does

Three pillars, one engine

Actor journey

One user, all systems. Filter by email, see 90 days of activity across Entra, Okta, AWS, GCP, Azure, Cloudflare, GitHub in one screen.

ZTNA coherence

Your Zero Trust policy says the user must pass by Cloudflare with MFA from ES. SecTrace flags when that contract breaks in the cloud API.

Process mining

Learn the normal journey of each role from the data itself. Divergences light up in red — no rules to write.

How it works

From raw logs to a story you can defend

01

Connect

Point SecTrace at your identity providers, cloud APIs, and edge. Read-only, minutes to onboard.

02

Ingest

Every sign-in, every access decision, every cloud API call normalized into one actor timeline.

03

Answer

Ask the question in plain English. Get the reconstructed journey with evidence in three clicks.

Use cases

Three killer stories, one engine

SOC triage

Cross-cloud incident, one screen

A user logs in from Madrid, hits AWS EU-West, then a GCP resource in US-Central 30s later. One SOC screen, one timeline — decide in minutes, not days.

Governance

Prove your Zero Trust contract holds

Your policy says every cloud API must be preceded by Cloudflare + MFA. SecTrace watches the actual cloud API calls and flags every break with evidence.

Process mining

Role baselines discovered from data

Learn the normal DFG per role from the data. Onboarding a new hire? Their journey lights up when it diverges from their peers — no rules written.

ZTNA coherence

Your Zero Trust policy says one thing.
The cloud API tells us another.

SecTrace watches both. When the actual API call skipped Cloudflare, or skipped MFA, or came from the wrong region — you get a case with evidence, not a warning to ignore.

// Policy contract
actor must pass cloudflare
with mfa from country=ES
before any cloud.api.call
// Observed on 2026-06-15
✗ 10:14:59 gcp.storage.objects.get
↳ no cloudflare hop
↳ no mfa in last 8h

Ready to see your infra as one timeline?

Preview access is granted per organization. Onboard your tenant and get answers in seconds instead of weeks.