Netapprove
Pillar 01 / SEE

You can’t defend
what you can’t see.

Netapprove starts every customer engagement with the same question: do you actually know what’s on your network? Within minutes of plugging into a SPAN port, you have a living inventory, a global flow map, and a per-device behavior fingerprint, with zero agents and zero downtime.

/traffic · 3D FLOW Real-time 3D globe view of inbound and outbound network flows

The 3D Traffic Globe

A real-time WebGL globe rendered from your conn.log. Cyan arcs are inbound, orange are outbound. Auto-rotates, filterable by direction, country, host, or peer. Click any arc to drill into the flow.

  • Live bps / conns / new-peer counters
  • Top services, top countries, top peers in window
  • Threat cards inline with the geo view
/traffic 3D traffic globe

The Network Graph

A force-directed map of every device and every conversation seen on the wire. Cluster colors map to subnet, to anomaly score, or to inferred role. The shape of your network, literally.

  • Zoomable to thousands of nodes
  • Color-coded by anomaly score and role
  • Filter by tag, subnet, country, or service
/graph Force-directed network graph

Inventory & Identity

Every MAC, every IP, every hostname, reconciled across DHCP, NTLM, Kerberos, LDAP and RADIUS into one identity graph. The community-id correlation key threads each conversation across every log so an asset is never just "an IP".

  • Auto-classified device types (workstation / server / IoT / OT)
  • First-seen / last-seen with peer-set baseline
  • Owner, location, and role from your CMDB
/inventory Device inventory page

Cross-Protocol File Audit

One unified timeline of every file moved on the network: SMB, FTP, HTTP, SMTP. Hash-matched, MIME-classified, and tied back to the host and account that initiated the transfer.

  • Detects mass file egress and ransomware fanout
  • YARA / hash matching at ingest
  • Forensic timeline export
/file-audit File audit timeline

Unified Authentication View

Every login attempt, SSH, web, NTLM, Kerberos, RADIUS, LDAP, in one queryable timeline. Brute force, credential stuffing, and impossible-travel detection ride on top.

/auth Authentication audit page

DNS & Crypto Discovery

DNS Traffic surfaces tunneling, DGA, and beaconing. Crypto Discovery inventories every TLS suite, certificate, and SSH key, including a post-quantum readiness audit.

/crypto Cryptographic discovery dashboard

IoT & OT Without Agents

Printers, cameras, PLCs, SCADA. Anything you can’t install software on, Netapprove still discovers, fingerprints, and baselines from the wire alone.

/iot-ot IoT and OT inventory

Visibility is step one.
Now teach it what matters.

Once Netapprove sees everything, the AI starts to learn what’s normal, and what isn’t.

Continue to Learn → All Live Views