PathixDataverse Forensics
Forensics for Dynamics 365 and Dataverse

Map the write paths.
Audit every role.

Pathix builds one graph of your Dynamics 365 and Dataverse environment, deterministic at its core: what writes every field, what each plugin is built to do, who can touch what. Whether a number moved and you need to trace it, or you're scoping a migration, the answer starts with the same map.

Book a demoSee it on sample data →
writereadPLGPlugin step✦ AI-derivedContosoLegacy.Sync.AccountBalanceShadow ◇35WFClassic workflowCredit Limit Approval Workflow ◇8+4 more writersTABLEaccountcreditlimit48creditonhold24new_riskscore4PLGPlugin step⚑ findingContosoCredit.PostUpdate.NotifyMainframe26+11 more dependentsFIELD IN CONTEXTaccount.creditlimitsalience 48 · 88th percentilesalience · graph prominence, not risk
Four jobs, one graph

What do you want to do with it?

Pick the work in front of you. Every door draws from the same graph; the difference is the job, and the words for it.

AI is optional and off by default. How Pathix uses AI →

Three axes, never merged

Severity, salience, and confidence stay on separate axes.

Most tools collapse everything into one number. Pathix keeps three questions apart: how severe a security finding is (severity), how prominent a field or component is in your dependency graph (salience), and how each edge was established (confidence). Severity and salience are ranked in separate lanes that never merge; confidence rides every row. Blend them into one score and all three read wrong.

SEVERITY

The security verdict

A deterministic check that fired, ranked Critical to Info. Findings only. Salience never enters this ordering.

SALIENCE

Graph prominence, 0 to 100

How many things write a field, whether it is sensitive, whether unverified edges touch it, whether it sits next to a finding. It ranks what is noisy, not what is risky. A low score is not a safety verdict.

CONFIDENCE

How Pathix knows each edge

Declared, pinned by platform structure. Parsed, resolved from the component logic. AI-derived, an evidence-coupled reading of your own plugin code that never overrides a deterministic edge.

“Two axes, never merged into one list. Severity is the security verdict (findings only). Salience is computed graph prominence: noisiest first, not a risk ranking; a low salience score is not a safety verdict. Confidence rides every row as its own dimension.”

Shown on the Pathix console.
See salience live in the demo →Read the guide →
The console

One place for every environment.

Every scan rolls up into one console. Findings ranked by severity and hotspots ranked by salience sit side by side but never blend: the riskiest finding and the top hotspot each get their own spotlight. You also see what changed since the last scan and an honest read on coverage and blind spots. The same graph the doors above draw from, in the view you open first.

The Pathix home console. Five tiles: three environments, 22 open findings, 6 high, 4 hotspots, and plus three since the last scan. A riskiest-finding spotlight (a high-severity privileged role shared between humans and integrations) sits beside a top-hotspot spotlight (the creditlimit field at salience 48), never merged. Below: open findings ranked by severity, hotspots ranked by salience (creditlimit 48, an AI-derived shadow writer 35, an orphaned reader 26, creditonhold 24), and a coverage panel showing 40 percent Declared, 50 percent Parsed, 10 percent AI-derived confidence with four unvalidated AI-derived edges to review. A banner reads: two axes, never merged into one list.
For consultancies

Your edge on every engagement.

Land a fast, paid assessment, then bid the migration fixed-price with the discovery risk measured instead of guessed, then stay on for delivery and managed services. Pathix gets you in the door and keeps you on the account.

Land the assessment

A low-risk, high-margin first sale that maps the environment in hours.

Bid fixed-price

The big unknown measured up front, so you quote the migration without padding.

Keep the account

Pathix stays on through delivery and managed services.

Pathix for consultancies →

Built to survive a security review

Self-hosted, read-only, metadata-only.

The boundaries are architectural, not promises. Deploy it in your own tenant, read the schema yourself, and check the exact read-only role before you grant it.

In your own Azure

Deploys into the customer's own subscription from a Bicep template and a guided wizard. Nothing about running it requires data to leave the tenant.

Read-only, metadata-only

A read-only application user. Pathix reads schema, registrations, and definitions, and never stores, transmits, or analyzes your business record values.

The AI tier holds the same line

Turn AI on with your own key and the metadata-only boundary still applies. Record values stay out of the AI path too.

See exactly what Pathix reads, and what it never touches →Read the security white paper (PDF) →

See what Pathix finds in a real environment.

A 30-minute walkthrough on a pre-scanned demo environment. No access to your tenant, nothing to install. Bring the questions your current tools can't answer.

Book a demoExplore the live demo →
Pathix

Forensics for Dynamics 365 and the Dataverse.

See it on sample data →
USE CASES
PRODUCT
COMPANY
© 2026 Pathix · self-hosted · metadata-onlyNot affiliated with Microsoft. Dynamics 365, Dataverse, and Power Platform are trademarks of Microsoft Corporation.