SaaSWatch
SaaSWatch is a web app (with optional Slack/Teams integration) that detects account-takeover and insider-risk signals across common SaaS tools such as Microsoft 365, Google Workspace, Salesforce, GitHub, Okta, and Slack. It focuses on the messy middle market: organizations that have “some logs” but no full SIEM team. The product normalizes identity and audit events, then flags high-signal behaviors: impossible travel, new device + token reuse, suspicious OAuth app grants, mass file downloads, mailbox forwarding rules, admin role changes, and unusual API usage. Instead of dumping alerts, it produces a short incident timeline, recommended containment steps, and one-click actions (disable session, revoke tokens, reset MFA, remove OAuth app) via supported APIs. SaaSWatch combines AI with a traditional app: AI helps summarize incidents and reduce noise, but rules and baselines remain transparent and tunable.
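As an added illustration (not SaaSWatch's own code), the sketch below runs two of the listed signals, impossible travel and token reuse from a new device, over events already normalized to one schema and returns a time-ordered list of findings. The event schema, the field names, the 900 km/h speed limit and the 50 km jitter floor are all assumptions, and the sample events are constructed.

```python
import math
from datetime import datetime

MAX_KMH = 900.0  # assumed threshold: roughly airliner cruise speed
MIN_KM = 50.0    # assumed floor so IP-geolocation jitter is ignored

# Constructed sample events in a hypothetical normalized schema.
EVENTS = [
    {"src": "okta", "user": "ana", "ts": "2024-05-01T08:00:00", "lat": 40.71, "lon": -74.01, "device": "mac-1", "token": "t1"},
    {"src": "m365", "user": "ana", "ts": "2024-05-01T09:00:00", "lat": 40.73, "lon": -73.99, "device": "mac-1", "token": "t1"},
    {"src": "github", "user": "ana", "ts": "2024-05-01T09:30:00", "lat": 52.52, "lon": 13.40, "device": "win-9", "token": "t1"},
    {"src": "slack", "user": "bo", "ts": "2024-05-01T10:00:00", "lat": 51.51, "lon": -0.13, "device": "pix-2", "token": "t7"},
    {"src": "okta", "user": "bo", "ts": "2024-05-02T10:00:00", "lat": 48.86, "lon": 2.35, "device": "pix-2", "token": "t8"},
]

def km_between(a, b):
    """Great-circle (haversine) distance between two events, in km."""
    la1, lo1, la2, lo2 = map(math.radians, (a["lat"], a["lon"], b["lat"], b["lon"]))
    h = math.sin((la2 - la1) / 2) ** 2 + math.cos(la1) * math.cos(la2) * math.sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def detect(events):
    """Return (user, ts, signal, detail) findings in time order."""
    findings, last, token_devices = [], {}, {}
    for ev in sorted(events, key=lambda e: e["ts"]):  # same-format ISO strings sort by time
        user, prev = ev["user"], last.get(ev["user"])
        if prev:
            delta = datetime.fromisoformat(ev["ts"]) - datetime.fromisoformat(prev["ts"])
            hours, km = delta.total_seconds() / 3600, km_between(prev, ev)
            # Zero elapsed time across a real distance is also impossible.
            if km > MIN_KM and (hours == 0 or km / hours > MAX_KMH):
                findings.append((user, ev["ts"], "impossible_travel", f"{km:.0f} km in {hours:.1f} h"))
        # A token already seen for this user that now appears on another device.
        devices = token_devices.setdefault((user, ev["token"]), set())
        if devices and ev["device"] not in devices:
            findings.append((user, ev["ts"], "token_reuse_new_device", f"{ev['token']} on {ev['device']}"))
        devices.add(ev["device"])
        last[user] = ev
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(*finding, sep=" | ")
```

Both thresholds are exposed as plain constants so the rule stays transparent and tunable; VPN egress points and mobile carrier NAT are the usual sources of false positives to baseline against.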