Air-gap deployable. Native parsers for 16+ OT and IoT protocols. AI-ready threat hunting. Built for environments where signature-based detection alone falls short.
Fully offline operation. No cloud APIs required. GeoIP and reputation caches persist locally for classified and isolated networks.
Native parsers for 16+ industrial protocols — from Modbus PLCs to OPC UA controllers, BACnet to ROS 2/DDS. Full list below →
MCP server exposes structured query and hunt tools to Claude and other AI assistants for conversational threat hunting.
Basic through Enterprise licensing with Ed25519-signed enforcement embedded directly in Parquet metadata.
Native Suricata parsers plus Rockfish protocol plugins. Every packet decoded, every command logged, every anomaly detected.
Modbus · DNP3 · S7comm · PROFINET · EtherNet/IP · EtherCAT · CANopen
IEC 61850 (MMS) · IEC 60870-5-104
OPC UA · MQTT · CoAP · LwM2M
RTPS / DDS (ROS 2)
BACnet
ASTERIX
Predictive behavioral ML detection purpose-built for deterministic OT networks. Learns what's normal. Flags what isn't. No signatures required.
Detects PLC enumeration and unauthorized write commands
Catches unauthorized control relay and restart commands
Identifies topic injection, unauthenticated access, and sensor flooding
Flags PLC program uploads, diagnostic commands, and CPU manipulation
Compliance-ready for CMMC AU/SI, NERC CIP, and IEC 62443
Deploy Rockfish NDR in minutes. Single binary. No dependencies. Full pipeline.
Now we want to prove it.
We are looking for defense contractors and C3PAOs to deploy Rockfish NDR in a production environment at no cost. Slots are limited.
Requirements are simple: you run it, we support it, you tell us what you think. If that sounds like a fair trade, let's talk.