
LogRhythm NetMon
Linux packet crafting tool for testing IDS/IPS and creating attack signatures.
LogRhythm NetMon: A Comprehensive Network Traffic Analytics Tool
LogRhythm NetMon is a powerful network traffic analytics tool designed specifically for thorough network monitoring and effective threat detection.
Key features include:
1. **True Application Identification**: Automatically detects over 3,500 applications using advanced classification techniques and deep packet inspection.
2. **SmartFlow**: Provides detailed metadata for packets derived from each network session.
3. **Full Packet Capture**: Captures and stores network traffic in PCAP format across layers 2-7.
4. **REST API**: Facilitates integration with third-party tools to enable custom automations.
5. **Deep Packet Analytics (DPA)**: Correlates data against full packet payloads and SmartFlow information using both pre-built and customizable rules.
6. **SmartCapture**: Automatically captures sessions based on specific application or packet content.
7. **Customizable Dashboards**: Offers saved searches along with automated alerts to ensure continuous monitoring.
8. **Unstructured Search**: Allows users to drill down into essential packet and flow data utilizing an Elasticsearch backend.
9. **Email Reconstruction**: Aids in malware analysis and data loss prevention by reconstructing email attachments.
10. **Deep Packet Inspection (DPI)**: Identifies and categorizes thousands of applications at wire speed, filling in metadata fields.
11. **Pattern Matching and Heuristics**: Analyzes and extracts network data from layers 2-7 using various methodologies.
12. **Automated Threat Detection**: Detects personally identifiable information (PII), credit card details, port and protocol mismatches, and other signs of inappropriate data movement.