Network Probe
The Network Probe module provides deep packet inspection, flow analysis, and network behavior monitoring capabilities. It captures and analyzes network traffic in real time, feeding enriched data to the SIEM and analytics modules for threat detection and forensic investigation.
Built-in Monitoring Tools
IDS and Full Packet Capture
Network Probe provides a high-performance network IDS, IPS and Network Security Monitoring engine. It captures anomalies and logs network traffic alarms based on defined rules, and it can save a PCAP of all detected packets for detailed forensic analysis.
NDR (Network Detection and Response)
Network Probe acts as a passive network traffic analyzer that supports investigations of suspicious or malicious activity. It provides extensive logs describing network activity, including comprehensive connection records and application-layer transcripts (HTTP sessions, DNS requests, SSL certificates, SMTP content), and it supports external SIEM integration for querying and analysis.
NetFlow Collection
Network Probe includes a multi-flow accounting feature that supports NetFlow v5/v9, IPFIX and sFlow packets on multiple interfaces (IPv4 and IPv6). Beyond collecting flows, it can classify and aggregate them, replicate them to third-party collectors, and export forwarding-plane data for comprehensive traffic visibility.