LogRhythm NetMon | Network Monitoring

LogRhythm NetMon

Real-Time Visibility into What's Happening on Your Network

Network monitoring plays an essential role in helping detect, stop, and recover from attacks. As threats can bypass perimeter defenses or originate from within, having visibility into your network traffic allows you to immediately recognize suspicious issues.

LogRhythm NetMon provides the real-time visibility and security analytics you need to monitor your organization’s entire network.

Top Network Traffic Analysis Use Cases

Surface data exfiltration activities: 
Identify long-running sessions, “low and slow” sessions hidden in normal traffic, anomalous outbound network sessions, and other activities indicative of data exfiltration.

Discover operational anomalies:
Verify that you aren’t seeing protocols or traffic that you think you’ve blocked or traffic between systems that should be isolated from each other.

Find hidden security threats: 
Catch security threats hiding in low-level chatty protocols like DNS, SNMP, or Kerberos.

Expose nuisance apps and bandwidth hogs: 
Discover when apps that are against corporate policy are being used. Find out who or what is taking up the most bandwidth.

Detect botnets and beaconing: 
Identify traffic using anomalous ports. View malformed packet headers. Recognize command and control callbacks.

See where your network traffic is going: 
Identify outbound IP and URL destinations and classify traffic by ingress, egress, or lateral motion in your network.

Get Maximum Network Visibility

  • Automatically identify over 3,500 applications with True Application Identification’s advanced classification methods and deep packet inspection.
  • Gain a rich set of packet metadata derived from each network session, appropriate to the type of application used with SmartFlow™.
  • Automate threat detection by correlating against full packet payload and SmartFlow data using Deep Packet Analytics’ (DPA) out-of-the-box rules and customizable scripts.
  • See every bit that crosses your network with Layer 2–7 packet capture stored in industry-standard PCAP format with full packet capture.
  • Automatically capture sessions based on application or packet content to preserve the information you need with SmartCapture™.
  • Drill down to critical packet and flow data on our Elasticsearch backend to streamline your investigation with unstructured search.
  • Reconstruct email file attachments to support malware analysis and data loss monitoring.
  • Surface continuous findings and fine-tune network visibility through saved searches with automated alerts and customizable dashboards.
  • Provide third-party tools access to network data for custom integrations and automation with a full-featured REST API.

See More Activity on Your Network with Deep Packet Analytics

NetMon’s Deep Packet Inspection (DPI) engine gives you a deep understanding of your network activity in an easy-to-access format. It identifies and categorizes thousands of applications at wire speed and populates thousands of metadata fields. NetMon also analyzes and extracts Layer 2–7 network data using a variety of methods, including pattern matching, heuristic modeling, and signatures for session identification.

Deep Packet Analytics (DPA) builds upon DPI to provide a richer source of visibility into network traffic, including immediate recognition of PII, credit card information, port and protocol mismatch, and other key data revealing inappropriate data movement. DPA allows for continuous correlation against full packet payloads and metadata using prebuilt and custom rule sets and provides unprecedented control over alarming and response at the flow and packet level.. Through DPA rules, you can automate threat detection that was previously only possible via manual packet analysis.

Go Further with Network Detection and Response

When a threat crosses your network, time is of the essence. While NetMon helps you detect threats, a solution with centralized analysis and full response capabilities means you can remediate them at lightning speed.

LogRhythm NetworkXDR goes beyond network traffic monitoring to provide complete visibility, machine-based analysis, threat corroboration, and prebuilt response capabilities for real-time network detection and response. With NetworkXDR, broad-spectrum network data flows from NetMon sensors to the LogRhythm NextGen SIEM Platform. The SIEM further enriches this data with environmental and threat context and applies dynamic machine analytics, including known indicators of compromise (IOC) signature-based inspection, tactics, techniques, and procedures (TTP) scenario-based modeling and behavioral analysis to expose evolving threats more effectively.

The result is full coverage against known and unknown network threats without the need for heavy tuning or lengthy machine learning training periods.

Compare Network Monitoring Options​


NetMon Freemium



Unstructured Search Across All Network Data
Deep Packet Analytics
Full Packet Capture & SmartCapture™
Automatic Recognition of 3,500+ Applications
Continuous Search-Based Alerting
Data Forwarding via Syslog Diagnostics and Alarms
Data Processing Rate Up to 1 Gbps Up to 10 Gbps Up to 10 Gbps per sensor
Packet Capture Storage 1 GB Unlimited Unlimited
Metadata Indexing Retention Up to 3 days Up to 30 days Unlimited SmartFlow metadata
Correlation with Additional Data Sources
Automated Response Capabilities
Full Investigative Workflow
Support Online only, through the Community Enterprise-grade phone and chat support Enterprise-grade phone and chat support

Flexible Deployment Options

Choose the right NetMon deployment for your environment

NetMon’s passive sensors deploy via TAP, SPAN, GRE, or integration with a third-party network packet broker. Both perpetual and subscription licensing options are available.