How does NetSenX differ from traditional IDS/IPS?

NetSenX uses behavioral analysis of network flows rather than signature matching. The proprietary LGGT+ engine assigns a continuous risk score [0,1] using multi-valued logic instead of binary safe/threat verdicts. This detects zero-day attacks, new malware variants, and unknown threats that signature-based systems miss entirely.

Does the agent capture packet contents?

No. The NetSenX agent processes only flow metadata: source/destination IP, ports, protocol, byte counts, duration, and TCP flags. Packet payloads are never captured, stored, or transmitted. This design is GDPR-compliant by default.

How quickly can I deploy NetSenX?

Most customers see first alerts within 30 minutes of installation. Linux: one curl command. Windows: one PowerShell script. No firewall rule changes. No endpoint agents on every device. No infrastructure modifications required.

Does NetSenX support OT/ICS environments?

Yes. NetSenX provides native protocol analysis for Modbus/TCP, DNP3 (port 20000), and BACnet (port 47808). The agent runs passively — zero operational impact on PLCs, SCADA systems, or production networks. Available from the Business plan.

What does the NIS2 Art.23 report contain?

The automatically generated NIS2 Art.23 incident report includes: incident description, affected systems, attack timeline, risk assessment, actions taken, and recommendations for remediation. It is formatted for direct submission to your national CSIRT or supervisory authority.

Where is my data stored?

All data is processed and stored in the EU, specifically in the Frankfurt AWS region. Zero transfers to the United States. Alert data is automatically deleted 90 days after subscription end, in compliance with GDPR.

Can I integrate NetSenX with my SIEM?

Yes. NetSenX provides REST API and webhooks for integration with Splunk, Elastic SIEM, and Microsoft Sentinel. Native SIEM export is available from the Professional plan.

What happens when my subscription expires?

4 days of full functionality after expiration. From day 5, limited mode (equivalent to Free plan). Data preserved for 90 days. Renewal restores full access without data loss or reinstallation.

How is NetSenX different from Darktrace or Vectra AI?

Darktrace and Vectra AI use black-box ML models with no explainability. NetSenX LGGT+ engine generates a SHAP waterfall trace per alert — exactly which network features contributed to the detection and by how much. Darktrace costs €80,000–€300,000/year with 6–12 month deployment. NetSenX starts at €0 and deploys in 30 minutes.

What data does the agent never collect?

The NetSenX agent never captures packet payloads, application data, usernames, passwords, or file contents. It processes only network flow metadata: IPs, ports, protocol, byte counts, duration, TCP flags.

How long does proof-of-value take?

Most customers see first alerts within 30 minutes. A typical proof-of-value runs 2 weeks: week 1 is deployment and baseline learning, week 2 is validating detected threats and false positive rate.

What does onboarding require from my IT team?

One person, one hour. One curl command on a Linux or Windows host. The agent runs as a system service with minimal privileges. No firewall changes, no endpoint agents on every device, no infrastructure modifications.

Can I start with one site and scale later?

Yes. The Free plan covers 3 devices — enough to validate on one network segment. Starter adds up to 10 devices. Upgrade at any time without data loss or reinstallation. Business plan scales to 100 devices with OT/ICS protocols.

What does my compliance team get out of the box?

Automatic NIS2 Art.23 reports, GDPR Art.33 breach register, Proof Trail JSON per alert, complete audit log of every user action. All formatted for direct regulatory submission.

How is this different from SIEM-only detection?

SIEM aggregates logs after the fact. NetSenX detects behavioral anomalies in real-time from network metadata — before logs exist. It identifies threats in <1 second and complements SIEM without requiring endpoint agents.

Who should deploy NetSenX first — IT or security?

Either works. Most start with a security analyst or IT manager on one network segment. No security engineering required. Typical first users: IT Manager, Network Admin, SOC Analyst.

What does NetSenX NOT do?

NetSenX does not inspect packet payloads, require endpoint agents on every device, replace SIEM, provide EDR or antivirus, or require firewall rule changes. It is a passive behavioral network detection layer that complements existing security infrastructure.

How long does a pilot take?

2 weeks is typical. Week 1: deployment and baseline learning. Week 2: validate detected threats and false positive rate. Optional week 3 for compliance reporting review.

When should I choose NetSenX instead of SIEM-only?

When you need detection of unknown threats not in any signature database, explainable alerts ready for regulatory review, OT/ICS protocol visibility (Modbus, DNP3, BACnet), or NIS2/GDPR compliance reporting without manual log parsing.

NetSenX is a behavioral cybersecurity platform built for NIS2 compliance and EU mid-market organizations. It uses the proprietary LGGT+ detection engine — combining multi-valued Łukasiewicz logic with behavioral network flow analysis and anomaly detection — to detect unknown threats without signature databases. NetSenX provides explainable AI alerts via SHAP waterfall visualizations, native OT/ICS protocol support (Modbus, DNP3, BACnet), and automatic NIS2 Art.23 incident reports. It deploys in 30 minutes via a single curl command, targets manufacturing, energy, healthcare and finance companies with 200–2000 employees in the European Union, and is built by TriStiX S.L. (Alicante, Spain).

NIS2 compliance software for manufacturing, energy & healthcare — 200–2000 employees

Your SIEM missed it.
NetSenX caught it in <1s.

NetSenX is a behavioral network threat detection platform built for NIS2 compliance and GDPR — using the proprietary LGGT+ engine to detect threats unknown to signatures, deliver SHAP-explainable alerts with full decision trace, and auto-generate NIS2 Art.23 reports. 87% fewer false positives. Deploys in 30 minutes. EU data residency.

⚠ Average EU breach cost: €4.2M · Average SIEM detection time: 15–90 min · NIS2 Art.23 deadline: 72 hours

Start free trial — no credit card Book 20-min demo See sample NIS2 report

🔒 EU data residency (Frankfurt) · ⚡ No endpoint agents · ✓ No firewall changes · 🏛 NIS2 Art.23 + GDPR Art.33

<1sAlert latency

30 minDeploy & first alert

87%Fewer false positives
vs signature IDS

€0Free forever · 3 devices

NetSenX — Live Alert Center LIVE

THREAT LEVEL

CRITICAL

3 active

PROTECTED

247

devices

ALERTS TODAY

↓4 vs yesterday

RECENT DETECTIONSlast 24h

CRITC2_BEACON192.168.14.22→94.232.41.100.94BLOCKED

HIGHDATA_EXFIL10.0.3.55→185.220.101.70.88BLOCKED

HIGHLATERAL_MOVE172.16.8.10→172.16.8.0/240.81ALERTED

MEDPORT_SCAN10.10.1.200 scan detected0.74ALERTED

SHAP — C2_BEACON · Score 0.94

threat_ip_score

+0.42

upload_ratio

+0.31

off_hours_flag

+0.19

bytes_in_norm

−0.08

⚡ LIVE

192.168.14.22 → C2_BEACON score:0.94 BLOCKED 10.0.3.55 → PORT_SCAN score:0.87 ALERTED 172.16.8.101 → DATA_EXFIL score:0.91 BLOCKED 192.168.2.77 → SHADOW_AI score:0.76 ALERTED 10.10.1.200 → BRUTE_FORCE score:0.89 BLOCKED 192.168.50.9 → LATERAL_MOVE score:0.83 ALERTED 192.168.14.22 → C2_BEACON score:0.94 BLOCKED 10.0.3.55 → PORT_SCAN score:0.87 ALERTED 172.16.8.101 → DATA_EXFIL score:0.91 BLOCKED 192.168.50.9 → LATERAL_MOVE score:0.83 ALERTED

// WHAT IS NETSENX

NetSenX is a behavioral network threat detection platform built specifically for European mid-market companies under NIS2 and GDPR compliance obligations. It operates as a passive network sensor — analyzing flow metadata in real-time without capturing packet payloads or requiring endpoint agents.

The platform uses the proprietary LGGT+ detection engine — combining multi-valued logic with behavioral flow analysis — to assign a continuous risk score [0–1] to each network flow. Unlike binary-verdict systems, this approach dramatically reduces false positives while maintaining detection coverage for zero-day attacks, C2 beaconing, lateral movement, and data exfiltration.

// KEY DIFFERENTIATORS

→ No signatures required. Detects unknown threats and zero-days invisible to Snort, Suricata, or legacy SIEM rules.

→ Full explainability. Every alert includes a SHAP waterfall trace — the exact network features that triggered detection, weighted by contribution.

→ NIS2-native reporting. Generates Art.23 incident reports and GDPR Art.33 breach documentation in one click — audit-ready for CSIRT or supervisory authority.

→ OT/ICS native. Analyzes Modbus/TCP, DNP3, and BACnet passively — zero operational impact on PLCs or SCADA systems.

Positioning: Between €0 (signature IDS) and €300k/yr (Darktrace/Vectra) — behavioral detection at mid-market price

Primary keywords: NIS2 compliance software · network anomaly detection EU · OT security monitoring

NIS2 COMPLIANCE SOFTWARE

NetSenX is an NIS2 compliance software platform that automates NIS2 Art.23 incident reporting — generating audit-ready 72-hour reports in one click, covering all mandatory fields for EU national CSIRTs.

NETWORK ANOMALY DETECTION EU

NetSenX performs behavioral network anomaly detection without signature databases — using the proprietary LGGT+ multi-valued logic engine to detect unknown threats, zero-days, and malware variants in EU mid-market and OT/ICS networks.

OT SECURITY MONITORING

NetSenX provides passive OT security monitoring with native support for Modbus/TCP, DNP3, and BACnet — the only behavioral detection platform at EU mid-market price with zero operational impact on PLCs and SCADA systems.

// lggt+ engine

Silnik LGGT+

Zastrzeżona architektura łącząca logikę wielowartościową z uczeniem maszynowym.

BEHAVIORAL ENGINE

Zachowanie, nie sygnatury

Classic IDS/IPS rely on known patterns. LGGT+ analyzes network flow behavior in real time — catching zero-days and new malware variants no signature database covers.
→ Less noise. Faster triage. Fewer blind spots.

Detekcja znanych zagrożeń97%

Detekcja zero-day89%

False positive rate2.1%

MULTI-VALUED LOGIC

Logika wielowartościowa

Zamiast binarnego "bezpieczne/zagrożenie" — ciągły scoring ryzyka [0,1]. Rozumie niepewność i gradacje zagrożeń, drastycznie redukując false positives.

XAI · SHAP

Zero black-box

Every alert includes a SHAP explanation — exactly which network flow features contributed to the detection, with full auditability.
→ Faster analyst decisions. Easier audits.

DETECTION RULES

Reguły detekcji

C2_BEACON — Command & Control

DATA_EXFIL — Eksfiltracja danych

PORT_SCAN — Rekonesans sieci

LATERAL_MOVE — Ruch lateralny

BRUTE_FORCE — Ataki słownikowe

SHADOW_AI — Nieautoryzowane AI

OT/ICS SUPPORT

Protokoły przemysłowe

Native analysis of Modbus/TCP, DNP3 and BACnet. Agent runs passively — zero impact on PLCs, SCADA or production systems.
→ Deploy without operational disruption.

KNOWLEDGE GRAPH

MITRE ATT&CK

Ontologia RDF/OWL mapuje alerty na MITRE ATT&CK i automatycznie wskazuje rekomendowane działania IR.

AGENT 24/7

Ciągła ochrona

Agent jako usługa systemowa — nieprzerwanie 24/7. Jeden skrypt curl/PowerShell. Pierwsze alerty w minutach od instalacji.

NIS2 & GDPR

Compliance-ready raporty

Automatyczne generowanie raportów NIS2 Art.23 i GDPR Art.33 z pełnym Proof Trail. Licznik 72h od wykrycia incydentu — żadnego deadline'u nie przegapisz.
→ Audyt w minuty, nie w godziny.

// how it works

See threats as they happen

Every alert explained, every action logged. From detection to compliance report in minutes — not hours.
→ Faster investigation · less manual work · easier audits

netsenx — dashboard · app.netsenx.com

AKTYWNE ALERTY — ostatnie 24h

CRITICAL

RULE_C2_BEACON

192.168.14.22 → 94.232.41.10:4444 · 2m temu

0.94

HIGH

RULE_DATA_EXFIL

172.16.8.101 → 185.220.101.45:443 · 8m temu

0.87

MEDIUM

RULE_PORT_SCAN

10.0.3.55 → 10.0.0.0/24 · 15m temu

0.71

MEDIUM

RULE_BRUTE_FORCE

192.168.1.44 → 192.168.1.1:22 · 31m temu

0.68

RISK SCORE THRESHOLD

0.70

MITRE ATT&CK

T1071 — C2T1046 — ScanT1110 — Brute Force T1041 — ExfilT1021 — LateralTA0011 — C&C

// why netsenx

Why NetSenX, not SIEM alone or IDS/IPS alone

Three specific problems that traditional tools leave unsolved. Each pillar maps to a real gap in your security stack.

Catch what signatures miss

Problem: Signature tools miss novel attacks.
NetSenX behavioral detection with SHAP-explainable scoring catches zero-days, C2 beaconing and lateral movement — powered by the proprietary LGGT+ engine.

LGGT+SHAPMITRE

Protect OT without disruption

Problem: Most security tools break OT environments.
NetSenX passively analyzes Modbus, DNP3, BACnet — zero impact on PLCs, SCADA or production systems. Available from Business plan.

ModbusDNP3BACnet

From alert to regulator in one click

Problem: Turning alerts into compliance evidence is manual and slow.
NetSenX generates NIS2 Art.23 and GDPR Art.33 reports instantly, with Proof Trail JSON for full auditability.

NIS2GDPRExplainability

// unique mechanism

Why NetSenX — not Darktrace, Vectra, or legacy SIEM

Every vendor claims "behavioral detection." Here is the concrete mechanism that makes NetSenX the only NIS2-native behavioral threat detection platform at EU mid-market price.

Legacy SIEM / IDS

✗ Signature-only — misses unknown threats
✗ Binary verdict: "safe" or "threat"
✗ Thousands of false positives daily
✗ No explanation — analyst guesses
✗ NIS2 report = 8h manual work
✗ OT protocols ignored or broken

Darktrace / Vectra AI

~ Behavioral detection ✓
~ ML scoring ✓
✗ Black-box — no decision trace
✗ Enterprise pricing (€80k–€300k/yr)
✗ 6–12 months deployment
✗ Not built for NIS2 reporting

NetSenX — LGGT+ Engine

✓ Behavioral + multi-valued logic
✓ Continuous risk score [0–1] · not binary
✓ SHAP trace per alert — full decision audit
✓ From €0 · deploy in 30 min
✓ NIS2 Art.23 report: 1 click · 72h ready
✓ Native Modbus, DNP3, BACnet (OT/ICS)

87%

fewer false positives
vs signature IDS

<1s

detection-to-alert
vs 15–90 min SIEM

€80k+

Darktrace min/yr
NetSenX from €0

1-click

NIS2 Art.23 report
vs 8h manual work

// the LGGT+ detection engine

Multi-valued logic meets behavioral analysis.
No black box. No signatures. Full audit trail.

Instead of binary safe/threat, LGGT+ assigns a continuous risk score [0,1] using multi-valued Łukasiewicz logic combined with behavioral flow analysis and anomaly detection. Every decision generates a SHAP waterfall trace — exactly which network features triggered the alert and by how much. Auditors get documentation, not guesses.

87%

fewer false positives
vs signature IDS

<1s

alert latency
via WebSocket

30 min

from install
to first alert

Flow capture — passive metadata only. No packet payloads. Zero operational impact.

LGGT+ scoring — multi-valued logic assigns continuous risk [0,1] per flow, not binary flags.

SHAP trace — every alert includes a waterfall explanation: which features, which weight, why now.

Auto-report — NIS2 Art.23 or GDPR Art.33 report generated in one click. Proof Trail JSON included.

// real attack scenarios

Three attacks your current stack won't catch

Each scenario maps to a real EU incident pattern. Each would trigger NIS2 Art.23 reporting obligations — and each would cost more than a decade of NetSenX.

C2 BEACONING

Avg. breach cost: €4.2M

Monday 3:47 AM. An employee laptop started sending 400-byte packets every 300 seconds to a server in Moldova. Your SIEM logged it as "outbound HTTP" — no alert. 72 hours later, ransomware encrypted 3 production servers.

NetSenX detection

RULE_C2_BEACON · score 0.94 · alert in <1s

SHAP trace: high upload_ratio + off-hours + threat_ip

NIS2 Art.23 draft auto-generated

MITRE: TA0011 Command & Control · T1071.001

OT LATERAL MOVE

Avg. downtime cost: €280k/hr

Tuesday 2:12 AM. A workstation in the office network began sending Modbus read commands to PLCs on the production floor — a segment it never touched before. No IDS alert. No firewall rule broken. Three hours later, a conveyor stopped.

NetSenX detection

RULE_LATERAL_MOVE · score 0.91 · anomalous Modbus source

New IT→OT flow pattern with no baseline match

Passive — no PLC traffic disruption

MITRE: TA0008 Lateral Movement · T0867 (ICS)

DATA EXFILTRATION

GDPR fine risk: €20M or 4% revenue

Friday 11:58 PM. An insider copied 14 GB of customer records to a personal cloud storage. Upload rate was deliberately slow — under typical DLP thresholds. Signature tools saw nothing. Discovery came 3 weeks later from a customer complaint.

NetSenX detection

RULE_DATA_EXFIL · score 0.88 · sustained high upload_ratio

Destination entropy + off-hours + volume anomaly

GDPR Art.33 breach report auto-drafted

MITRE: TA0010 Exfiltration · T1048

Detect your first threat today — free

SHAP WATERFALL — RULE_C2_BEACON · Score: 0.94

high_port_flag

+0.42

threat_ip_score

+0.31

off_hours_flag

+0.18

upload_ratio

+0.11

bytes_in_norm

-0.08

Urządzenie 192.168.14.22 komunikowało się z podejrzanym IP 94.232.41.10 na porcie 4444 o 03:47. Wysoki threat_ip score (C2 botnet list) oraz upload_ratio wskazuje na aktywność beacon.

// explainable ai

Koniec z czarną skrzynką

Każda decyzja silnika LGGT+ jest w pełni wyjaśnialna. SHAP Waterfall pokazuje dokładnie, które cechy ruchu sieciowego i z jaką wagą przyczyniły się do detekcji.

Dyrektor IT widzi na czym opiera się alert. Analityk SOC podejmuje świadomą decyzję. Audytor ma pełną dokumentację dla organu nadzoru.

✓ Designed for explainability and auditability

// compliance

Zbudowany dla regulacji EU

NIS2 Directive — Art.23
Raport incydentu 72h jednym kliknięciem. Gotowy do CSIRT lub organu nadzoru.
GDPR Art.33 — Breach Register
Rejestr naruszeń, prawo do erasure, eksport danych. Każda akcja w audit logu.
Built for Explainability and auditability support
SHAP wyjaśnienia dla każdej decyzji. Human-in-the-loop dla akcji krytycznych.
EU Data Residency — Frankfurt
100% danych w UE. Zero transferów do USA. GDPR by design.

NETSENX

LGGT+ ENGINE

NIS2
Art.23

GDPR
Art.33

EU AI
Act

Zero
Transfer

NETSENX LGGT+ ENGINE

NIS2
Art.23

GDPR
Art.33

EU AI
Act

Zero
Transfer

NIS2 READY

GDPR breach reporting support

Explainability for regulated environments

EU DATA ONLY

RSA-4096

// who this is built for

Built for specific teams in specific industries

NetSenX is not for everyone. Here is exactly who benefits most — and why.

🏭

Manufacturing · Energy · Utilities

200–2000 employees. Under NIS2 Essential or Important entity. Running OT networks with Modbus, DNP3, BACnet. Need passive monitoring that won't disrupt PLCs or SCADA.

Best fit: Business plan + OT/ICS protocols

🏥

Healthcare · Pharma · Medical devices

GDPR data processors with network-connected medical devices. Need explainable alerts and breach register automation. Compliance officer demands audit trail, not black-box verdicts.

Best fit: Professional plan + GDPR Art.33 automation

🏦

Finance · Fintech · Insurance EU

DORA-affected entities needing network threat monitoring and incident documentation. SOC team of 1–5 analysts. Need low false-positive behavioral detection, not alert fatigue.

Best fit: Professional plan + SIEM export

🔧

IT Manager · Network Admin

No dedicated SOC. Responsible for network security and compliance in one role. Needs: deploy fast, get alerts that make sense, generate reports for board.

Time to value: under 1 hour

🛡️

MSSP · Security Integrators

Managing 5–50 clients. Need multi-tenant platform, white-label reporting, per-client alert isolation and NIS2 compliance documentation at scale.

Best fit: Enterprise plan · multi-tenant

❌

Not for you if…

You need endpoint detection (EDR), antivirus, or SIEM log aggregation. You have 10+ person security engineering team and enterprise budget. You need zero-touch managed detection (MDR service).

NetSenX complements — it doesn't replace — these.

// pricing

Transparent pricing

No hidden costs. Start free, scale as you grow.

Monthly

Annual 2 mo free

SELF-SERVE

COMMERCIAL

ENTERPRISE

FREE

Free

3 devices, free to start

€0

no credit card

✓3 devices
✓8 LGGT+ rules
✓30-day retention
✓Dashboard
✓Email alerts
—PDF reports
—OT protocols

Start for free

STARTER

Starter

SME, up to 10 devices

€49

/month

✓10 devices
✓10 LGGT+ rules
✓60-day retention
✓Email alerts
✓Email support 72h
—PDF reports
—OT protocols

Get Starter

Ready to protect
your network?

Join the beta or book a 20-minute demo.
We respond within 24 hours.

[email protected]

Response time

Within 24 hours

Status

status.netsenx.com

WHAT'S IN THE 20-MIN DEMO

→Live threat walkthrough on a test network
→Compliance workflow: alert → NIS2 report
→SHAP explanation of a real detection
→Deployment model for your environment
→Typical time to first alert: under 30 minutes

Your SIEM missed it.
NetSenX caught it in <1s.

Silnik LGGT+

Zachowanie, nie sygnatury

Logika wielowartościowa

Zero black-box

Reguły detekcji

Protokoły przemysłowe

MITRE ATT&CK

Ciągła ochrona

Compliance-ready raporty

See threats as they happen

Why NetSenX, not SIEM alone or IDS/IPS alone

Catch what signatures miss

Protect OT without disruption

From alert to regulator in one click

Why NetSenX — not Darktrace, Vectra, or legacy SIEM

Multi-valued logic meets behavioral analysis.
No black box. No signatures. Full audit trail.

Three attacks your current stack won't catch

Koniec z czarną skrzynką

Zbudowany dla regulacji EU

NIS2 Directive — Art.23

GDPR Art.33 — Breach Register

Built for Explainability and auditability support

EU Data Residency — Frankfurt

Built for specific teams in specific industries

Transparent pricing

Security, Compliance & Transparency

Pytania i odpowiedzi

Ready to protect
your network?

Your SIEM missed it.NetSenX caught it in <1s.

Silnik LGGT+

Zachowanie, nie sygnatury

Logika wielowartościowa

Zero black-box

Reguły detekcji

Protokoły przemysłowe

MITRE ATT&CK

Ciągła ochrona

Compliance-ready raporty

See threats as they happen

Why NetSenX, not SIEM alone or IDS/IPS alone

Catch what signatures miss

Protect OT without disruption

From alert to regulator in one click

Why NetSenX — not Darktrace, Vectra, or legacy SIEM

Multi-valued logic meets behavioral analysis. No black box. No signatures. Full audit trail.

Three attacks your current stack won't catch

Koniec z czarną skrzynką

Zbudowany dla regulacji EU

NIS2 Directive — Art.23

GDPR Art.33 — Breach Register

Built for Explainability and auditability support

EU Data Residency — Frankfurt

Built for specific teams in specific industries

Transparent pricing

Security, Compliance & Transparency

Pytania i odpowiedzi

Ready to protectyour network?

Your SIEM missed it.
NetSenX caught it in <1s.

Multi-valued logic meets behavioral analysis.
No black box. No signatures. Full audit trail.

Ready to protect
your network?