Network Detection and Response

A network detection and response platform that uses machine learning to analyze network metadata for threat detection without requiring hardware sensors or being affected by encryption.

Infoblox Threat Defense is a DNS-layer security solution that detects and blocks threats across hybrid and multi-cloud environments by monitoring DNS traffic and leveraging threat intelligence.

A network detection and response solution that uses AI and machine learning to monitor network traffic, identify malicious behavior, and connect related security events to reveal attack patterns without requiring endpoint agents.

A network detection and response platform that combines AI-driven behavioral analytics with collaborative threat intelligence sharing across organizations to provide early warning of cyber attacks.

Arkime is an open-source network capture and analysis tool that provides comprehensive network visibility, facilitating swift identification and resolution of security and network issues.

LogRhythm NetMon is a network traffic analytics tool that provides real-time visibility, automated threat detection, and investigation capabilities for organizational networks.

NFStream is a multiplatform Python framework for network flow data analysis with a focus on speed and flexibility.

A Zeek-based protocol analyzer that parses GQUIC traffic to extract connection metadata and create fingerprints for detecting anomalous network behavior.

Django based web application for network traffic analysis with protocol handling capabilities.

Apache Spot is an open source big data platform that analyzes network flows and packet data to identify security threats and provide visibility into enterprise computing environments.

PCAPdroid is a privacy-friendly app for tracking, analyzing, and blocking network connections on your device.

A set of Bro/Zeek scripts that detect ATT&CK-based adversarial activity and raise notices

A service for better visibility on networking issues in Kubernetes clusters by detecting traffic denied by iptables.

A tool for classifying packets into flows based on 4-tuple without additional processing.

Makes output from the tcpdump program easier to read and parse.

A network protocol analyzer for capturing and analyzing network traffic with a focus on TCP/IP flow reconstruction and response time tracking.

A technique to associate applications with TLS parameters for identifying malware and vulnerable applications.

A cross-platform network detection tool that identifies active Responder tools by sending LLMNR queries for fabricated hostnames.

A controller addon that provides additional security defenses for onion services ahead of official Tor-core release.

A KDE Plasma 4 widget that displays real-time traffic information for active network connections on Linux computers.

A toolset for collecting and processing netflow/ipfix and sflow data from netflow/sflow compatible devices.

High-speed packet capture library with user-level network socket.

Zeek Remote desktop fingerprinting script for fingerprinting Remote Desktop clients.

Maltrail is a malicious traffic detection system utilizing blacklists and heuristic mechanisms.