LogRythm NetMon Logo

LogRythm NetMon

0
Commercial
Visit Website

LogRhythm NetMon is a network traffic analytics tool designed for comprehensive network monitoring and threat detection. Key features include: 1. True Application Identification: Automatically identifies over 3,500 applications using advanced classification methods and deep packet inspection. 2. SmartFlow: Provides detailed packet metadata derived from each network session. 3. Full Packet Capture: Captures and stores network traffic in PCAP format for layers 2-7. 4. REST API: Allows integration with third-party tools for custom automations. 5. Deep Packet Analytics (DPA): Correlates against full packet payload and SmartFlow data using pre-built and customizable rules. 6. SmartCapture: Automatically captures sessions based on application or packet content. 7. Customizable Dashboards: Offers saved searches with automated alerts for continuous monitoring. 8. Unstructured Search: Enables drilling down to critical packet and flow data using an Elasticsearch backend. 9. Email Reconstruction: Supports malware analysis and data loss monitoring by reconstructing email attachments. 10. Deep Packet Inspection (DPI): Identifies and categorizes thousands of applications at wire speed, populating metadata fields. 11. Pattern Matching and Heuristics: Analyzes and extracts Layer 2-7 network data using various methods. 12. Automated Threat Detection: Recognizes PII, credit card information, port and protocol mismatches, and other indicators of inappropriate data movement.

FEATURES

ALTERNATIVES

PFQ v6.2 is a functional framework for Linux optimized for efficient packet capture/transmission and in-kernel processing.

An information gathering tool for DNS, subdomains, ports, and directories enumeration.

ICAP Server with Yara scanner for URL and content.

Suricata offers real-time intrusion detection, intrusion prevention, and network monitoring.

A DNS rebinding toolkit

A program to log login attempts on Telnet (port 23) and track the Mirai botnet

A honeytoken-based tripwire for Microsoft's Active Directory to detect privilege escalation attempts

Authenticated SSRF in Grafana