LogRhythm NetMon

Self-Hosted Network Traffic Analytics

Network monitoring plays an essential role in helping detect, stop, and recover from attacks. Because threats can bypass perimeter defenses or originate from within, visibility into your network traffic allows you to immediately recognize suspicious activity.

LogRhythm NetMon provides the real-time visibility you need to monitor your organization’s entire network. 

Get Network Visibility

  • Automatically identify over 3,500 applications with True Application Identification’s advanced classification methods and deep packet inspection. 
  • With SmartFlow™, gain a rich set of packet metadata derived from each network session and appropriate to the type of application used.
  • See every bit that crosses your network with full Layer 2–7 packet capture, stored in industry-standard PCAP format.
  • Provide third-party tools access to network data for custom integrations and automation with a full-featured REST API. 

Automate Threat Detection

  • Correlate against full packet payload and SmartFlow data using Deep Packet Analytics’ (DPA) out-of-the-box rules and customizable scripts. 
  • With SmartCapture™, automatically capture sessions based on application or packet content to preserve the information you need.
  • Surface continuous findings and fine-tune network visibility through saved searches with automated alerts and customizable dashboards.

Easily Investigate Threats

  • Use unstructured search on our Elasticsearch backend to drill down to critical packet and flow data and streamline your investigation.
  • Reconstruct email file attachments to support malware analysis and data loss monitoring.

See More Activity on Your Network with Deep Packet Analytics

NetMon’s Deep Packet Inspection (DPI) engine gives you a deep understanding of your network activity in an easy-to-access format. It identifies and categorizes thousands of applications at wire speed and populates thousands of metadata fields. NetMon also analyzes and extracts Layer 2–7 network data using a variety of methods, including pattern matching, heuristic modeling, and signatures for session identification. 

Deep Packet Analytics (DPA) builds upon DPI to provide a richer source of visibility into network traffic, including immediate recognition of PII, credit card information, port and protocol mismatch, and other key data revealing inappropriate data movement. DPA allows for continuous correlation against full packet payloads and metadata using prebuilt and custom rule sets and provides unprecedented control over alarming and response at the flow and packet level. Through DPA rules, you can automate threat detection that was previously only possible via manual packet analysis.
