logrhythm.com
community
support
university
feedback

NetMon
Current: NetMon Deep Packet Analytics

NetMon Deep Packet Analytics

This section describes NetMon's Deep Packet Analytics, powered by the Lua API, and how to view, add, edit, and delete Deep Packet Analytics Rules.

Available Functions

Determine Flow State

Access Metadata

Packet-Level Functions

Alarming and Capture

Custom Metadata Fields

Deep Packet Analytics System Rules

Suspicious Behaviors

Operations and Company Policy Rules

Add a Custom DPA Rule to NetMon

Deep Packet Analytics Rule Examples

Alarm for HTTPS Protocol Mismatch

Capture Traffic from Specific IPs

Classify Custom Networks

Classify Newegg Traffic

Detect Applications in Flow

Detect External Network Traffic

Detect Protocol Mismatch

Detect Reverse PowerShell

Detect SMTP Domain Mismatch

Detect TLS Version

Display Hex Dump for DNS Traffic

Get Content in Flow

Get FTP Data Content in Flow

Get Metadata Fields from DpiMessage (String, Int, Long)

Get or Set Custom Fields

Get Packet Length

Get Packet String

Get Payload Length

Get SMTP Content in Flow

Get Strings as Table

Get VLAN Offset

Trigger User Alarms

Manage Deep Packet Analytics Rules

Download Deep Packet Analytics Rules

View a System Deep Packet Analytics Rule

Edit Custom Deep Packet Analytics Rules

Delete Custom Deep Packet Analytics Rules

Add Custom Deep Packet Analytics Rules

Troubleshoot Deep Packet Analytics

Copyright © 2023 LogRhythm, Inc. All Rights Reserved • Powered by Scroll Viewport and Atlassian Confluence