Network Monitoring
Astral provides a native network monitoring capability designed to deliver intrusion detection and continuous visibility at the network level. This component functions as an Intrusion Detection System (IDS), responsible for identifying suspicious, anomalous, or malicious activity by observing network communications within the environment. Its objective is to detect threats that may not be visible through logs alone, complementing other sources of security telemetry.
Network monitoring is performed through the Inopli Agent, which analyzes network traffic and derives security-relevant metadata for inspection. The focus is on understanding communication patterns, protocol behavior, and deviations from expected network activity. By evaluating these characteristics, Astral is able to detect indicators of compromise, misuse of network services, lateral movement, and other behaviors commonly associated with cyber intrusions.
Events generated by the network monitoring capability are processed through Astral’s standard analysis pipeline. Network detections are analyzed, normalized, and correlated with events from other data sources, such as system logs, identity activity, endpoint signals, and external risk indicators. This correlation provides broader context, improves detection accuracy, and helps distinguish true incidents from isolated or benign anomalies.
By integrating network-based intrusion detection directly into the Astral SIEM, network security signals become part of a unified operational flow. Detected threats are immediately available for identification, prioritization, and response through Inopli’s Response and RPA capabilities, ensuring that network-level risks are addressed as part of a coordinated and auditable security operation.