
LogRhythm NetMon
#Network & Cloud #Network Security
Linux packet crafting tool for testing IDS/IPS and creating attack signatures.
LogRhythm NetMon: A Comprehensive Network Traffic Analytics Tool
LogRhythm NetMon is a powerful network traffic analytics tool designed specifically for thorough network monitoring and effective threat detection.
Key features include:
1. **True Application Identification**: Automatically detects over 3,500 applications using advanced classification techniques and deep packet inspection.
2. **SmartFlow**: Provides detailed metadata for packets derived from each network session.
3. **Full Packet Capture**: Captures and stores network traffic in PCAP format across layers 2-7.
4. **REST API**: Facilitates integration with third-party tools to enable custom automations.
5. **Deep Packet Analytics (DPA)**: Correlates data against full packet payloads and SmartFlow information using both pre-built and customizable rules.
6. **SmartCapture**: Automatically captures sessions based on specific application or packet content.
7. **Customizable Dashboards**: Offers saved searches along with automated alerts to ensure continuous monitoring.
8. **Unstructured Search**: Allows users to drill down into essential packet and flow data utilizing an Elasticsearch backend.
9. **Email Reconstruction**: Aids in malware analysis and data loss prevention by reconstructing email attachments.
10. **Deep Packet Inspection (DPI)**: Identifies and categorizes thousands of applications at wire speed, filling in metadata fields.
11. **Pattern Matching and Heuristics**: Analyzes and extracts network data from layers 2-7 using various methodologies.
12. **Automated Threat Detection**: Detects personally identifiable information (PII), credit card details, port and protocol mismatches, and other signs of inappropriate data movement.
Other AI Tools

mass-s3-bucket-tester
Cloud runtime security platform that uses eBPF technology to monitor cloud infrastructure, detect anomalies, and identify potential security threats in real-time.

MKIT - Managed Kubernetes Inspection Tool
A CLI utility that makes it easier to switch between different AWS roles

minikube
An open-source framework for testing and validating the security of AWS services and resources.

Microsoft Defender for Cloud
Learn how to secure applications in Kubernetes Engine by granting varying levels of privilege based on requirements.

Metabadger
Find exposed AWS cloud assets that you did not know you had.

Linux Containers in 500 Lines of Code
Weave Scope automatically generates a map of your application for troubleshooting and monitoring Docker & Kubernetes.