Any files you upload that are not already in NetworkSage's Secflow format will be processed to capture the Secflows and immediately deleted from our infrastructure. This means that your upload will only exist on our infrastructure for (on average) less than a minute. We do this because we recognize that uploaded files (such as PCAPs) can contain sensitive data that should not be retained or shared.
Additionally, we do not process any internal-to-internal (commonly referred to as East-West) traffic from your uploads (with the exception of DNS for naming), as this traffic does not provide us with any value.
If you are a paying customer, you have the choice to keep your samples private. This means that no user other than you can view any sample created by you.
Currently, we support processing PCAP, PCAPNG, and Zeek (conn.log and dns.log) files. However, we can support any file formats that contain the following information:
The privacy and security of your data are of utmost importance, and we acknowledge that many types of organizations cannot share full packet capture data. If this prevents you from using NetworkSage, please contact us at support@seclarity.io. We can build open-source tools that will enable you to keep your full packet capture data local to your environment.
An alternative (and already-supported) option is to install Zeek on your local system, process your PCAP, and share the conn.log and dns.log. This will enable you to avoid sharing any payload information. In the coming days we will share a how-to video that demonstrates this process.
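The internal-to-internal (East-West) rule described earlier, applied locally to a Zeek conn.log so you can see which connections fall under that exclusion. This is an added example, not NetworkSage code: the function names, the use of `is_private` as the definition of "internal", and the DNS test (service `dns` or responder port 53) are assumptions, and the log lines are constructed.

```python
import ipaddress

# Constructed sample in Zeek's TSV conn.log layout (trimmed to a few columns).
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice",
    "1700000000.1\tC1\t10.0.0.5\t51000\t93.184.216.34\t443\ttcp\tssl",
    "1700000001.2\tC2\t10.0.0.5\t51001\t10.0.0.9\t445\ttcp\tsmb",
    "1700000002.3\tC3\t10.0.0.5\t51002\t10.0.0.1\t53\tudp\tdns",
    "1700000003.4\tC4\t192.168.1.7\t51003\t172.16.4.2\t22\ttcp\tssh",
    "#close\t2023-11-14-22-13-30",
])


def is_internal(addr):
    """Assumption: 'internal' means an address in a private range."""
    return ipaddress.ip_address(addr).is_private


def split_east_west(text):
    """Return (kept_lines, dropped_uids) for a Zeek TSV conn.log.

    Rows where both endpoints are internal are dropped unless they are DNS.
    Header and footer lines (starting with '#') are always kept.
    """
    fields, kept, dropped = None, [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#fields"):
                fields = line.split("\t")[1:]  # column names follow the tag
            kept.append(line)
            continue
        if fields is None:
            raise ValueError("no #fields header before data rows")
        row = dict(zip(fields, line.split("\t")))
        east_west = is_internal(row["id.orig_h"]) and is_internal(row["id.resp_h"])
        is_dns = row.get("service") == "dns" or row["id.resp_p"] == "53"
        if east_west and not is_dns:
            dropped.append(row["uid"])
        else:
            kept.append(line)
    return kept, dropped


if __name__ == "__main__":
    kept, dropped = split_east_west(SAMPLE_CONN_LOG)
    print("\n".join(kept))
    print("dropped uids:", dropped)
```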
While currently not possible, this is a use case that we are interested in supporting. If this is absolutely critical to your use, please contact us at support@seclarity.io!
NetworkSage was built to fill a critical gap that has existed in the security industry for many years. To learn more about this gap and why it existed (until now!), read our blog post. We also have blog posts describing how NetworkSage compares to Sandbox and SEG technologies.
NetworkSage is not a detection platform. Instead, we are focused on:
One important point is that you are welcome to use data from the platform to build your own detections, but our focus will not be on creating more alerts for specific attacks.
The team is making excellent progress on creating user-friendly APIs to access everything that can be accessed in the UI. Look for an announcement from us in the near future.
Thank you in advance for helping us to keep our platform as sane and secure as possible! Please contact us at dev@seclarity.io with any information you have.