Real-Time Network Detection and Response - Network Monitoring and Forensics

 

Go beyond limited network traffic analysis with NetworkXDR. Rapidly detect, analyze, and respond to threats with LogRhythm NetworkXDR’s advanced security analytics, centralized search and visualizations, and security orchestration, automation, and response (SOAR) technology.

 



When attackers compromise the perimeter or are operating from within, you need to know. Evidence of intruders and inside threats lies within network communications. Detect network-based threats with real-time network monitoring and big data analytics. Expedite investigations by giving your incident responders access to rich forensic data. Get the visibility you need with Network Monitor.



With more traffic than ever passing through our environments, and adversaries who know how to blend in, network security analysts need all the help they can get. At the same time, data is leaking out of our environments right under our noses. In Packets Don't Lie: LogRhythm Netmon Freemium Review, SANS provides intelligent insight into LogRhythm's Freemium offering of Netmon to help organizations identify sensitive data leaving the network and respond when the loss occurs.


The Power of LogRhythm NetworkXDR

The Information You Need at Your Fingertips

Get detailed network information and forensic insights without requiring dedicated network forensic experience or spending substantial amounts of time performing detailed forensic or packet analysis.
Recognition and Categorization of 3,500+ Applications

Expedite network forensics to quickly qualify and alert on suspicious activity using deep packet inspection and advanced classification methods.
Customizable Dashboards and Risk-Based Alarms

Focus your attention where it’s needed the most. Real-time threat intelligence corroborates alarms and prioritizes risk so your team can easily spot the most concerning threats. Rapid alarm triage, pivot search, and integrated case management give your team the tools it needs to respond fast.
Automated Threat Remediation

Enable a wide variety of detection and remediation efforts that accelerate threat detection, investigation, and response with SmartResponse Automation.
LogRhythm Labs Research

Embed the latest in advanced network threat detection into your security operations center (SOC) with our LogRhythm Labs team’s regularly updated network-specific research, such as models for TTP and IOC scenario-based threat detection and threat hunting dashboards.
Detect and Respond to Threats Faster Than Ever

Achieve the same power and responsiveness behind the most powerful security operations platform on the market, including advanced analytics and embedded SOAR technology.

 


Empower Your Incident Response Team - NetworkXDR in Action

Do you know what’s happening in your network? Spot network-based attacks before intruders do serious damage. LogRhythm’s Network Monitor sensors capture all network communications, including full session packet captures. Incident responders can search network communication records in just seconds to understand who did what—and when. LogRhythm NetworkXDR enables your team to detect and respond to a wide range of network-borne threats that fall under the radar of or may be undetectable by other network security solutions, such as:

  • Unauthorized cloud services usage
  • Bitcoin mining
  • Low and slow data leak
  • Compromised server used in lateral movement
  • Unauthorized peer-to-peer usage
  • Botnet activity
  • SCADA attacks
  • Privileged user reconnaissance in internal network

Efficiently Capture Network Sessions

Record application layer (Layer 7) details and packet data for all network sessions using SmartFlow™. You get full packet visibility—across weeks or months—with minimal storage requirements.

Quickly Search Across Session Data

Perform ad hoc analysis. Get to the right critical network capture data fast. With our Elasticsearch backend, you have a powerful “Google-like” search engine to streamline your investigation.

Capture Every Bit with Full Packet Capture

When you need to see every bit crossing your fiber, full Layer 2 through Layer 7 packet capture gives you the deepest insight possible. All captures are stored in industry standard PCAP format so your team can use existing tools and training.

Intelligently Capture Only What You Need

It can be prohibitively expensive to perform full capture for 100% of your traffic. SmartCapture™ allows you to automatically capture sessions based on application or packet content. Use it to drastically reduce your storage requirements while delivering IR teams what they need.

Know the Actual Application in Use

Network Monitor can identify over 2,500 unique applications, providing rich visibility into network sessions. We leverage a variety of techniques to determine the true application and can do so even when payloads are encrypted.

See the Hard-to-See with Deep Packet Analytics™

With LogRhythm Labs you have a cutting-edge research team at your side. Use their out-of-the-box Deep Script™ rules to perform run-time analytics across full packet data in order to detect advanced threats. Create your own Deep Script™ rules to get custom insight into your network.



You’ve Detected a Threat. Now What?

Unlike many network traffic analysis (NTA) solutions, LogRhythm NetworkXDR doesn’t stop at detection. Use embedded SOAR technology to let your team streamline and automate incident investigation and response tasks so they can respond to threats on your network faster than ever.

Out-of-the-Box SOAR Capabilities:

  • Automate incident response with prebuilt LogRhythm SmartResponse Automation for a wide range of third-party technologies
  • Collaborate and track remediation with Case Management and Playbooks
  • Measure SOC effectiveness with Case Metrics and Reporting
  • Enrich investigations around incident response with Contextualization

Flexible Deployment Options

LogRhythm NetworkXDR sensors deploy via TAP, SPAN, GRE, or integration with a third-party packet broker to integrate easily within your infrastructure. Deployment support options and services are also available.

Highly Scalable 10 Gbps Appliances

Network Monitor appliances support bandwidths of up to 10 Gbps. They can keep up as your network demands grow.
Software Appliances for Remote Sites

Network Monitor is also available as a software-based appliance, with licensing levels starting at 10 Mbps. This cost-effective and flexible solution is a great choice for monitoring low bandwidth remote sites.
See into Your Virtual Environment

Improve your visibility into virtual environments and cloud infrastructure by running Network Monitor as a virtual sensor for virtual switches.


 

See what LogRhythm Network XDR can do for you!
Try the Freemium Version Today

 


 

 
