
Deep Packet Analytics Rule Examples

The following rules illustrate how to use different functions to set or retrieve values in various metadata fields.

Alarm for HTTPS Protocol Mismatch
Capture Traffic from Specific IPs
Classify Custom Networks
Classify Newegg Traffic
Detect Applications in Flow
Detect External Network Traffic
Detect Protocol Mismatch
Detect Reverse PowerShell
Detect SMTP Domain Mismatch
Detect TLS Version
Display Hex Dump for DNS Traffic
Get Content in Flow
Get FTP Data Content in Flow
Get Metadata Fields from DpiMessage (String, Int, Long)
Get or Set Custom Fields
Get Packet Length
Get Packet String
Get Payload Length
Get SMTP Content in Flow
Get Strings as Table
Get VLAN Offset
Trigger User Alarms

Copyright © 2023 LogRhythm, Inc. All Rights Reserved