SCANNER is the IDS / IPS surface most CSPM tools skip. Signature-based intrusion detection plus behavioral anomaly detection on Azure workload traffic, with consent-gated response into NSG / SG / firewall rules. Sold as part of Cloud Pro, included in Healthcare, Banking, Telecom, and Government bundles.
SIEM tools see logs. CSPM tools see configurations. Neither sees what is actually moving on the wire. SCANNER does, and it does it without forcing you to deploy a heavyweight Snort or Suricata cluster.
Curated signature packs for the patterns that matter (cobalt-strike, mimikatz, common C2 frameworks, lateral-movement primitives). Updated daily from the threat-intel feed.
Reads NSG Flow Logs into behavioral models. Flags new-and-unusual destinations, port-scan patterns, and exfiltration signatures.
When a signature fires, SCANNER drafts the NSG / SG / firewall rule that contains the threat. Operator approves before any rule is written.
Cloud-native deployment. No agents on disk in the workload VMs. Reads cloud-native flow telemetry, then ships findings through CONDUIT to your SOC.
Read-only scan. No credit card. Full evidence pack on every finding.