Any files you upload that are not already in NetworkSage's Secflow format will be processed to capture the Secflows. All other formats will be scheduled for deletion, as they are not part of our analysis.
Additionally, we do not process any internal-to-internal (commonly referred to as East-West) traffic from your uploads (with the exception of DNS for naming).
All samples are private by default but can be shared by providing the public link to another person. This means that no other user can view any sample created by you unless you explicitly share it. However, all samples uploaded by customers of the Free tier may be searchable in future versions of the product. This is similar to how other leading analysis platforms store and share data.
Currently, we support processing PCAP, PCAPNG, and Zeek (conn.log and dns.log in JSON and TSV formats) files, in addition to our own Secflow format. However, we can support any file formats that contain the following information:
The privacy and security of your data is of utmost importance, and we acknowledge that many types of organizations cannot share full packet capture data. Because of this, we have created an open-source converter that allows customers to turn their network data into our Secflow format locally. You can access this Python functionality via pip here.
It is also possible to install Zeek on your local system, process your PCAP (via zeek -C -r), and upload the conn.log and dns.log. This will enable you to avoid sharing any payload information.
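Because internal-to-internal traffic is not processed anyway (DNS excepted), a locally produced JSON conn.log can be trimmed to the flows that matter before it is uploaded. The following is an added example, not NetworkSage's or Zeek's own code; the function names, the definition of "internal" (private, loopback, link-local or multicast addresses) and the treatment of responder port 53 as DNS are assumptions, and the sample records are constructed.

```python
import ipaddress
import json

# Constructed sample of Zeek conn.log records in JSON-lines form (not real traffic).
SAMPLE_CONN_LOG = """\
{"ts":1700000000.1,"uid":"C1","id.orig_h":"10.0.0.5","id.orig_p":50001,"id.resp_h":"10.0.0.9","id.resp_p":445,"proto":"tcp"}
{"ts":1700000001.2,"uid":"C2","id.orig_h":"10.0.0.5","id.orig_p":50002,"id.resp_h":"10.0.0.2","id.resp_p":53,"proto":"udp"}
{"ts":1700000002.3,"uid":"C3","id.orig_h":"10.0.0.5","id.orig_p":50003,"id.resp_h":"93.184.216.34","id.resp_p":443,"proto":"tcp"}
{"ts":1700000003.4,"uid":"C4","id.orig_h":"fe80::1","id.orig_p":546,"id.resp_h":"ff02::1:2","id.resp_p":547,"proto":"udp"}
not json
"""

def is_internal(addr: str) -> bool:
    """Assumption: 'internal' means private, loopback, link-local or multicast."""
    ip = ipaddress.ip_address(addr)
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast

def keep_record(rec: dict) -> bool:
    """Keep flows that leave the network, plus DNS (port 53) for naming."""
    try:
        east_west = is_internal(rec["id.orig_h"]) and is_internal(rec["id.resp_h"])
    except (KeyError, ValueError):
        return False  # missing or malformed address: do not upload what we cannot classify
    return not east_west or rec.get("id.resp_p") == 53

def filter_conn_log(text: str):
    """Return (kept JSON lines, number dropped) for a JSON-format conn.log."""
    kept, dropped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            dropped += 1  # unparseable line: leave it out rather than guess
            continue
        if isinstance(rec, dict) and keep_record(rec):
            kept.append(line)
        else:
            dropped += 1
    return kept, dropped

if __name__ == "__main__":
    kept, dropped = filter_conn_log(SAMPLE_CONN_LOG)
    print(f"kept {len(kept)} records, dropped {dropped}")
    for line in kept:
        print(line)
```

The filter fails closed: a record whose addresses cannot be parsed is dropped rather than uploaded.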
While currently not possible, this is a use case that we are interested in supporting. If this is absolutely critical to your use, please contact us at firstname.lastname@example.org!
NetworkSage was built to fill a critical gap that has existed in the security industry for many years. To learn more about this gap and why it existed (until now!), read our blog post. We also have blog posts describing how NetworkSage compares to Sandbox and SEG technologies.
NetworkSage is not a detection platform. Instead, we are focused on:
One important point is that you are welcome to use data from the platform to build your own detections, but our focus will not be on creating more alerts for specific attacks. For more information on how to leverage NetworkSage, please check out our Use Cases document.
Yes! We have rich, well-documented functionality that is available predominantly through our APIs. Our docs can be found here.
To help everybody be successful as quickly as possible, the following are some common issues. If none of these seem to describe your problem, please email us at email@example.com and/or join our Slack community.
We have a growing Slack community that allows members of the security community to openly share and discover with others. To access our group, please click here.
Thank you in advance for helping us to keep our platform as sane and secure as possible! Please contact us at firstname.lastname@example.org with any information you have.