
Network Traffic Analysis

TEHTRIS NTA is a tactical solution for analyzing your network flows in real time, using flow capture, metadata and passive audit mechanisms. Depending on its position in your infrastructure, TEHTRIS NTA can monitor both north/south and east/west flows. Several modules are available in TEHTRIS NTA, including signature-based detection and behavior-based techniques. All flows are continuously learned to perform advanced analysis and detect network anomalies.

By recording metadata in Netflow mode, TEHTRIS NTA offers the ability to go back in time, finding out who spoke to whom, when and how. Unlike many products, TEHTRIS NTA does not require the use of a SIEM to be useful, since the solution is directly integrated into the TEHTRIS XDR Platform to enrich this ecosystem. In addition, TEHTRIS NTA is not limited to signature features or analysis of user behavior to raise alerts.

Latest Updates

  • Added new dashboard features on alerts
  • Added Data Science features on alerts
  • Implementation of compatibility between TEHTRIS alerts and MITRE ATT&CK rules
  • Integration of TEHTRIS NTA into the new TEHTRIS XDR Platform console
  • More than 50,000 security signatures by default for the OT and IT world

Why TEHTRIS NTA?


TEHTRIS NTA offers unique network flow monitoring functionalities with a signature-based NIDS component, a Network Forensic-type component integrating a tactical behavioral engine, and passive auditing to reduce the area of exposure.


TEHTRIS NTA greatly reduces the complexity of network monitoring projects, with TEHTRIS taking on the deployment and the maintenance in operational condition.


TEHTRIS NTA can be your network monitoring probe, natively integrated into the TEHTRIS XDR Platform with tools for SOAR, CTI, Hunting, Compliance, incident management, etc.


TEHTRIS NTA works easily in both IT and OT environments, thanks to its internal engines. In IT environments, we regularly catch unwanted activity such as backdoors with C&C. In the OT world, the passive audit feature offers a strong advantage, as it can detect legacy security issues hidden in complex plants, etc.


TEHTRIS NTA does not modify systems in production, simply adding passive collection points, without the risk of breaking the elements in place.


Security: TEHTRIS NTA runs on appliances using the TEHTRIX distribution, which has full disk encryption and advanced protection mechanisms such as RBAC in the kernel and 0day protections.

Some numbers

1 rules

of detections covering all ranges of attacks from industrial to corporate networks

- 99 hours

Permanent update of detection rules without human intervention

999 day

Number of days to deploy a TEHTRIS NTA appliance with sniffers and configured alarms

MITRE ATT&CK compliance

MITRE ATT&CK is a knowledge base with a modeling of the behavior of a cyber attacker, illustrating all phases of a cyber attack’s life cycle in relation to targeted platforms: Windows, Mac, Linux, mobile, etc.

Discover the compatibility of TEHTRIS XDR with MITRE ATT&CK

© 2020 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.


TEHTRIS NTA offers several functionalities, with three main axes which are the network intrusion detection system (NIDS), the passive auditing system, and the network forensic system.

We monitor all possible standard network flows, from Layer 3 to Layer 7.

We can detect the use of suspicious certificates, used in particular by many backdoors that try to exfiltrate data in an encrypted manner.

The NIDS part is based on signatures, while the network forensic part uses behavioral rules, for example to detect lateral movements and horizontal or vertical scans.

TEHTRIS NTA builds its own flow collection in the style of Netflow, keeping the metadata related to the communications between the different devices.

It is advisable to position analysis on strategic points, such as the entry/exit part of a sensitive network.

TEHTRIS NTA includes its own passive audit engine to detect all vulnerable machines on your infrastructure.