LogRythm NetMon Logo

LogRythm NetMon

0
Commercial
Visit Website

LogRhythm NetMon is a network traffic analytics tool designed for comprehensive network monitoring and threat detection. Key features include: 1. True Application Identification: Automatically identifies over 3,500 applications using advanced classification methods and deep packet inspection. 2. SmartFlow: Provides detailed packet metadata derived from each network session. 3. Full Packet Capture: Captures and stores network traffic in PCAP format for layers 2-7. 4. REST API: Allows integration with third-party tools for custom automations. 5. Deep Packet Analytics (DPA): Correlates against full packet payload and SmartFlow data using pre-built and customizable rules. 6. SmartCapture: Automatically captures sessions based on application or packet content. 7. Customizable Dashboards: Offers saved searches with automated alerts for continuous monitoring. 8. Unstructured Search: Enables drilling down to critical packet and flow data using an Elasticsearch backend. 9. Email Reconstruction: Supports malware analysis and data loss monitoring by reconstructing email attachments. 10. Deep Packet Inspection (DPI): Identifies and categorizes thousands of applications at wire speed, populating metadata fields. 11. Pattern Matching and Heuristics: Analyzes and extracts Layer 2-7 network data using various methods. 12. Automated Threat Detection: Recognizes PII, credit card information, port and protocol mismatches, and other indicators of inappropriate data movement.

FEATURES

ALTERNATIVES

A script for extracting network metadata and fingerprints such as JA3 and HASSH from packet capture files or live network traffic.

MIDAS (Mac Intrusion Detection Analysis System) - archived and no longer supported.

A program to log login attempts on Telnet (port 23) and track the Mirai botnet

Authenticated SSRF in Grafana

SentryPeer is a fraud detection tool that monitors and detects fraudulent activities on SIP servers, capturing IP addresses and phone numbers of suspicious activities and providing a notification system to service providers.

Intercepts and examines mobile app connections by stripping SSL/TLS layer.

A tool for exploiting HTTP/2 cleartext smuggling vulnerabilities

A Python-based tool for subdomain enumeration and analysis