NDR & NPM Detections

How ExtraHop Modern NDR and NPM Expose the Truth in Your Traffic

Network traffic is the ground truth. ExtraHop unifies NPM and NDR to eliminate blind spots. Our stream processor decodes traffic at line-rate for immediate performance insights, while cloud-scale ML establishes behavioral baselines to detect anomalous threats.

  • NPM: Resolve outages and latency 12x faster.
  • NDR: Stop evasive attacks like lateral movement and exfiltration.

See the truth across hybrid-cloud environments before business disruption.

AAA Authentication Errors
Authorization & Access Control

AD Certificate Template Enumeration Activity
Identity, TLS Decryption, Active Directory Decryption

AD Credential Theft with ntdsutil
Exploitation, Identity, Active Directory Decryption

AD Database File Transfer over SMB
Actions on Objective, Identity, Active Directory Decryption

AD Explorer Snapshot Activity
Reconnaissance, TLS Decryption

AS-REP Roasting LDAP Reconnaissance Activity
Reconnaissance, Identity, TLS Decryption, Active Directory Decryption

AWS Cloud Service Enumeration
Reconnaissance

AWS Instance Metadata Service (IMDS) Proxy
Exploitation

Active Directory Domain Services Exploit Attempt - CVE-2022-26923
Lateral Movement, TLS Decryption

AdFind Activity
Reconnaissance, TLS Decryption, Active Directory Decryption

Adobe ColdFusion Exploit Attempt - CVE-2018-15961
Exploitation, TLS Decryption

Alias Member Enumeration Attempt
Reconnaissance

Anonymous FTP Login
Hardening

Apache APISIX Exploit Attempt - CVE-2022-24112
Exploitation, TLS Decryption

Apache ActiveMQ Exploit - CVE-2023-46604
Exploitation, TLS Decryption

Apache CouchDB Exploit Attempt - CVE-2017-12635
Exploitation, TLS Decryption

Apache HTTP Server Path Traversal Exploit - [Multiple CVEs]
Exploitation

Apache Solr Exploit - CVE-2019-17558
Exploitation, TLS Decryption

Apache Solr Exploit Attempt - CVE-2019-0193
Exploitation, TLS Decryption

Apache Spark Exploit Attempt - CVE-2022-33891
Exploitation, TLS Decryption

Apache Struts 2 Exploit Attempt - CVE-2017-9805
Exploitation, TLS Decryption

Apache Struts 2 Exploit Attempt - [Multiple CVEs]
Exploitation

Apache Tomcat JSP Exploit Attempt - [Multiple CVEs]
Exploitation

AsyncRAT Malware Activity
Command-and-Control

Atlassian Bitbucket Server and Data Center Exploit - CVE-2022-36804
Exploitation, TLS Decryption

Atlassian Confluence Exploit - CVE-2021-26084
Exploitation, TLS Decryption

Atlassian Confluence Exploit - CVE-2022-26134
Exploitation, TLS Decryption

Atlassian Confluence Exploit - CVE-2023-22518
Exploitation, TLS Decryption

Atlassian Confluence Exploit Attempt - CVE-2023-22518
Exploitation, TLS Decryption

Atlassian Crowd Exploit - CVE-2019-11580
Exploitation

Showing 30 of 519 detections