Network Detection and Response
NDR platforms for real-time network threat detection, investigation, and automated response to network-based attacks.
Browse 74 network detection and response tools
FEATURED
RELATED TASKS
A set of Bro/Zeek scripts that detect ATT&CK-based adversarial activity and raise notices
A set of Bro/Zeek scripts that detect ATT&CK-based adversarial activity and raise notices
A service for better visibility on networking issues in Kubernetes clusters by detecting traffic denied by iptables.
A service for better visibility on networking issues in Kubernetes clusters by detecting traffic denied by iptables.
A tool for classifying packets into flows based on 4-tuple without additional processing.
A tool for classifying packets into flows based on 4-tuple without additional processing.
Makes output from the tcpdump program easier to read and parse.
A network protocol analyzer for capturing and analyzing network traffic with a focus on TCP/IP flow reconstruction and response time tracking.
A network protocol analyzer for capturing and analyzing network traffic with a focus on TCP/IP flow reconstruction and response time tracking.
A technique to associate applications with TLS parameters for identifying malware and vulnerable applications.
A technique to associate applications with TLS parameters for identifying malware and vulnerable applications.
A cross-platform network detection tool that identifies active Responder tools by sending LLMNR queries for fabricated hostnames.
A cross-platform network detection tool that identifies active Responder tools by sending LLMNR queries for fabricated hostnames.
A controller addon that provides additional security defenses for onion services ahead of official Tor-core release.
A controller addon that provides additional security defenses for onion services ahead of official Tor-core release.
A KDE Plasma 4 widget that displays real-time traffic information for active network connections on Linux computers.
A KDE Plasma 4 widget that displays real-time traffic information for active network connections on Linux computers.
A toolset for collecting and processing netflow/ipfix and sflow data from netflow/sflow compatible devices.
A toolset for collecting and processing netflow/ipfix and sflow data from netflow/sflow compatible devices.
High-speed packet capture library with user-level network socket.
High-speed packet capture library with user-level network socket.
Zeek Remote desktop fingerprinting script for fingerprinting Remote Desktop clients.
Zeek Remote desktop fingerprinting script for fingerprinting Remote Desktop clients.
Maltrail is a malicious traffic detection system utilizing blacklists and heuristic mechanisms.
Maltrail is a malicious traffic detection system utilizing blacklists and heuristic mechanisms.
A specialized packet sniffer for displaying and logging HTTP traffic, designed to capture, parse, and log traffic for later analysis.
A specialized packet sniffer for displaying and logging HTTP traffic, designed to capture, parse, and log traffic for later analysis.
Open source framework for network traffic analysis with advanced features.
Open source framework for network traffic analysis with advanced features.
A TCP-based traceroute implementation that bypasses firewall filters to trace the path to a destination.
A TCP-based traceroute implementation that bypasses firewall filters to trace the path to a destination.
Accurate detection of HTTPS interception and robust TLS fingerprinting tool.
Accurate detection of HTTPS interception and robust TLS fingerprinting tool.
A multi-threading tool for sniffing HTTP header records with support for offline and live sniffing, TCP flow statistics, and JSON output.
A multi-threading tool for sniffing HTTP header records with support for offline and live sniffing, TCP flow statistics, and JSON output.
Passive Network Audit Framework (PNAF) v0.1.2 provides passive network auditing capabilities and is now a project of COSMIC-Chapter of The Honeynet Project.
Passive Network Audit Framework (PNAF) v0.1.2 provides passive network auditing capabilities and is now a project of COSMIC-Chapter of The Honeynet Project.
Tcpdump is a command-line packet analyzer for capturing and analyzing network traffic.
Tcpdump is a command-line packet analyzer for capturing and analyzing network traffic.
PFQ v6.2 is a functional framework for Linux optimized for efficient packet capture/transmission and in-kernel processing.
PFQ v6.2 is a functional framework for Linux optimized for efficient packet capture/transmission and in-kernel processing.
High-performance packet capture library with zero copy functionality.
High-performance packet capture library with zero copy functionality.
An open source packet capture and forwarding tool that captures network packets on one machine and sends them to another for remote monitoring and analysis.
An open source packet capture and forwarding tool that captures network packets on one machine and sends them to another for remote monitoring and analysis.
Network Detection and Response Tools - FAQ
Common questions about Network Detection and Response tools including selection guides, pricing, and comparisons.
NDR platforms for real-time network threat detection, investigation, and automated response to network-based attacks.
