Introduction to the NDR Platform

The NDR platform is a modern, Suricata-powered Network Detection and Response solution consisting of two tightly integrated components:

  • Sensor — A high-performance, passive (IDS) appliance/VM that performs native packet capture using AF_PACKET, deep protocol decoding, file extraction, JA3/JA4 fingerprinting, and multi-layered analysis. Sensors log all events (alerts, flows, protocol logs, netflow, fileinfo, stats) to a local Unix socket for zero-copy, low-latency forwarding to the Manager.
  • Manager — The centralized control plane providing policy orchestration, configuration management, advanced analytics, visualization, reporting, auditing, and update distribution. The Manager consumes events from the Sensor's Unix socket via a lightweight adapter, enriches them, and routes them through the real-time analytics engine.
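
The Sensor-to-Manager hand-off described above, shown as an added example that is not the platform's own adapter code: a small Python reader that takes newline-delimited EVE JSON records from an AF_UNIX stream socket (the form Suricata's eve-log unix_stream output produces), parses each line defensively, applies a stand-in enrichment step, and buckets events by `event_type`. The sample records, the `sensor_id` tag, the severity labels and every function name are assumptions made for this example; the demo uses an in-process `socketpair` so it runs without a Sensor.

```python
"""Minimal EVE-over-Unix-socket adapter (added example; all names hypothetical)."""
import json
import socket
from collections import defaultdict
from typing import Dict, Iterable, List, Optional

# Constructed sample EVE JSON records (one JSON object per line), using
# Suricata's EVE field names for the event types the page lists. Values are made up.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-01-01T00:00:00.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.9","dest_port":443,"proto":"TCP",'
    '"alert":{"signature_id":1000001,"signature":"EXAMPLE TLS anomaly","severity":2},'
    '"tls":{"ja3":{"hash":"0000000000000000000000000000dead"}}}',
    '{"timestamp":"2024-01-01T00:00:01.000000+0000","event_type":"flow",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.9","dest_port":443,"proto":"TCP",'
    '"flow":{"pkts_toserver":12,"pkts_toclient":10,"bytes_toserver":2100,"bytes_toclient":8800}}',
    '{"timestamp":"2024-01-01T00:00:02.000000+0000","event_type":"fileinfo",'
    '"src_ip":"10.0.0.9","dest_ip":"10.0.0.5","proto":"TCP",'
    '"fileinfo":{"filename":"/update.bin","size":4096,"stored":true}}',
    '{"timestamp":"2024-01-01T00:00:03.000000+0000","event_type":"stats",'
    '"stats":{"capture":{"kernel_packets":100,"kernel_drops":0}}}',
    'this is not json',  # malformed line: the adapter must count it, not crash
    '{"timestamp":"2024-01-01T00:00:04.000000+0000","event_type":"dns"}',  # unlisted type, still routed
]

# Hypothetical mapping from Suricata's numeric alert severity to a label.
SEVERITY_LABEL = {1: "high", 2: "medium", 3: "low"}


def parse_eve_line(line: str) -> Optional[dict]:
    """Parse one EVE line; return None (instead of raising) on malformed input."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(event, dict) or "event_type" not in event:
        return None
    return event


def enrich(event: dict, sensor_id: str) -> dict:
    """Stand-in Manager-side enrichment: tag the origin sensor and label alert severity."""
    event = dict(event)
    event["sensor_id"] = sensor_id
    if event["event_type"] == "alert":
        severity = event.get("alert", {}).get("severity")
        event["severity_label"] = SEVERITY_LABEL.get(severity, "unknown")
    return event


def consume_eve_lines(lines: Iterable[str], sensor_id: str) -> Dict[str, List[dict]]:
    """Route each enriched event into a bucket keyed by event_type.

    Malformed lines are recorded under the "_malformed" key so that drops stay
    visible to the operator rather than being silently discarded.
    """
    buckets: Dict[str, List[dict]] = defaultdict(list)
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        event = parse_eve_line(raw)
        if event is None:
            buckets["_malformed"].append({"raw": raw[:200]})
            continue
        buckets[event["event_type"]].append(enrich(event, sensor_id))
    return dict(buckets)


def serve_unix_stream(conn: socket.socket, sensor_id: str) -> Dict[str, List[dict]]:
    """Read newline-delimited EVE records from a connected AF_UNIX stream socket until EOF."""
    with conn.makefile("r", encoding="utf-8", errors="replace") as reader:
        return consume_eve_lines(reader, sensor_id)


def demo() -> Dict[str, List[dict]]:
    """In-process stand-in for the Sensor->Manager socket: a connected AF_UNIX pair."""
    sensor_side, manager_side = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        # The "sensor" writes its EVE lines and closes, as an eve-log unix_stream
        # output would over a real socket path; closing gives the reader its EOF.
        sensor_side.sendall(("\n".join(SAMPLE_EVE_LINES) + "\n").encode("utf-8"))
        sensor_side.close()
        return serve_unix_stream(manager_side, sensor_id="sensor-01")
    finally:
        manager_side.close()


if __name__ == "__main__":
    for event_type, events in demo().items():
        print(f"{event_type}: {len(events)}")
```

Against a real Sensor the Manager side would bind a listening AF_UNIX socket at the path configured in the Sensor's eve-log output and pass each accepted connection to `serve_unix_stream`; the per-line parse-or-count logic is the part worth keeping, since one truncated record on a busy sensor must not stall the whole feed.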

Event Flow (Highlighting Unix Socket Logging):
