Logpoint NDR (Network Detection and Response) is a security solution that monitors network traffic to detect and respond to threats that may bypass traditional endpoint security measures. The platform uses AI and machine learning to analyze network activity patterns and identify malicious behavior in real-time. The solution features "Chain of Events" technology that connects seemingly unrelated security events to reveal hidden attack patterns. This AI-powered capability helps security teams focus on genuine threats by reducing alert noise and highlighting actual attack chains rather than individual alerts. Logpoint NDR operates without requiring agent deployment on endpoints, reducing operational overhead while providing visibility into network-based threats. It can detect various threats including malware, ransomware, and insider threats as they move across the network. The platform can be integrated with Logpoint SIEM to combine network traffic analysis with log data for more comprehensive security coverage. This integration enables security teams to correlate network-based detections with log-based evidence for improved threat hunting and incident response. Logpoint NDR helps organizations predict attacker movements by identifying tactics and techniques indicative of evolving attack chains, allowing for proactive threat prevention rather than just reactive response.
FEATURES
ALTERNATIVES
Netcap efficiently converts network packets into structured audit records for machine learning algorithms, using Protocol Buffers for encoding.
DenyHosts is a script to block SSH server attacks by automatically preventing attackers after failed login attempts.
A program to log login attempts on Telnet (port 23) and track the Mirai botnet
CapTipper is a python tool to analyze, explore, and revive HTTP malicious traffic.
A simple IOC scanner bash script for Linux/Unix/OSX systems
A set of Bro/Zeek scripts that detect ATT&CK-based adversarial activity and raise notices
Intercepts and examines mobile app connections by stripping SSL/TLS layer.
PINNED

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

OSINTLeak
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.

ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.