Enabling real time threat visibility.



Network visibility for enterprise security

R-Scope is a powerful network security sensor for threat hunting and threat detection. Providing network activity in context gives the clearest view of genuine threats, faster. Incident Responders benefit from R-Scope’s balanced output that is 100x richer than competing approaches at a fraction of the storage footprint and cost. R-Scope identifies threats quickly and enables rapid and thorough remediation.

Core Capabilities

Form Factor

R-Scope is available in multiple form factors to meet a variety of enterprise deployment requirements. For traditional data centers, R-Scope is available as a 1U appliance, variably priced according to throughput requirements. Software-only offerings are available for deployments that require more flexibility. Contact Reservoir Labs for cloud deployment. All R-Scope offerings are fully hardened and supported for the most demanding business environments. Support and Services are provided in-house by qualified Reservoir Labs engineers.

Data Enrichment

R-Scope offers significant opportunity for on-box analytic deployment for data enrichment. Leveraging R-Scope’s on-system development environment, security teams can develop, test and deploy a variety of analytics to tune data output and ensure a clear and simple lens through which to evaluate network traffic. R-Scope accepts all open-source Zeek/Bro scripts; additionally Reservoir Labs offers a curated set of tested community scripts as well as custom analytics uniquely valuable to enterprise users.

Real-Time, Scalable Threat Detection

R-Scope sensors provide in-depth network traffic analysis by inspecting all bi-directional network traffic. Using it’s programmable analytic engine, R-Scope produces rich network metadata capturing protocol event detail, application services, files, and content on the network. R-Scope offers network analysis at scale, using patented technologies designed and developed by leading experts on high-performance networking.

Advanced Sensor Management

R-Scope is architected for professional enterprise management. Bringing a fresh DevOps perspective to security, R-Scope integrates with Ansible for sensor management. This approach allows security and IT teams to manage not just sensors but whole enterprises from a single pane of glass, bringing control and visibility across the organization’s entire workflow, without incurring the downside of vendor lock-in that is frequently the price of ease of management.

Selective Packet Capture

While full packet capture is appealing as a source of data, particularly in the case of incident response, it can be prohibitively expensive, both in terms of storage costs and also potentially in terms of process overhead. R-Scope’s Selective Packet Capture (SPC) feature allows users to decide what to capture and when, then fully automate distribution of those captured network packets to other tools or offline storage for later analysis.

Threat Analytics & Intel Workflow

R-Scope is designed for seamless integration into any organization’s security operations workflow, with analytics that can be pulled directly from Git or Intel repositories. R-Scope is equipped with an innovative on-system development sandbox that enables threat research teams to rapidly develop, test and deploy analytics/intel quickly and efficiently.

Use Cases

Reservoir offers a curated repository of community scripts as well as proprietary analytics that provide powerful ready-to-go threat hunting capabilities.  Following are examples of the data enrichment and hunt analytic use cases available. Please contact Reservoir Labs to discuss your team’s specific priorities.

Encrypted Traffic Investigation

R-Scope equipped with Zeek protocol analyzers and seasoned analytic scripts can provide valuable metadata and events to enable threat hunting with encrypted protocols such as SSH, SSL, SMTP/TLS. Eliminate encrypted traffic blind spots without compromising privacy.

Data Exfiltration

Use our customizable, heuristics driven analytics such as “Producer Consumer Ratio” (PCR) and others to detect data exfiltration over encrypted or unencrypted protocols. 

Anomaly Detection

Baseline your network for top talkers, protocols, ports, URLs quickly and use these to drive behavioral anomaly based detections right out of the box. 


File Analyzer optimizations

Alleviate event fatigue and fine-tune R-Scope to analyze and log events only for the file types you choose to investigate and hunt.


Detect and hunt for Personal Information Identification (PII) leaks such as SSN and Credit card information over unencrypted channels using custom R-Scope analytics.

File/Attachment Investigation

Integrate R-Scope’s fully customizable, real-time file carving functionality with any third-party malware analytics solution. You can define which files are extracted from your network and under what conditions those files are extracted. Leverage built-in automation to enable fire-and-forget file analysis.

Professional Services

Work with our team

Reservoir Labs Professional Services are tailored to ensure exceptional outcomes for enterprises by reducing risk, accelerating adoption and enhancing existing security tools and infrastructure. Services are delivered by industry experts who are available to provide tailored training and deployments to your organization. 

Contact us to learn more about the following services:

Technology Enabled Services


Security Architecture Integration


Implementation and Installation Services


Custom Analytic Development



Zeek is an open-source network security monitoring platform, a robust tool that provides deep visibility into network activity. The Zeek project (then Bro) was started back in the 1990s with the goal of using network data to understand what was happening on research and education networks. The project has grown and matured, with significant support from the thousands of users globally who participate in this open source community. In stark contrast to NetFlow, Zeek makes available every aspect of a session for use in network forensics and hunting. 


By default, Zeek provides over 50 log file types and can identify over 3000 underlying network events, including protocols, files, applications, certificates, tunnels, and notice data available from a Zeek-based hunt.


Reservoir Labs is an active supporter of the Zeek community, and R-Scope development is and will remain true to the open source values, actively supporting and contributing to the health and wellbeing of the Zeek platform and the technical community it supports. R-Scope is a Zeek-based, enterprise class, scalable cyber security sensor solution. To Zeek, Reservoir has added patented performance enhancements as well as reliability, availability, and serviceability (RAS) features. In addition to R-Scope, Reservoir offers professional services to deliver capabilities such as custom protocol analyzers and analytics, architectural design consulting, and comprehensive training. 


Please visit for more information about Zeek – including public downloads, training, and community forums. 

Reservoir Labs offers R-Scope’s proven performance to protect all networks, centralized and distributed, large and small, physical and virtual.  Procurement options are available for acquisition as well as subscription.  Contact Reservoir Labs for a free trial of R-Scope V-Pace or for additional Information. 

R-Scope Pace

R-Scope Pace-Lite

R-Scope V-Pace

Related News

Related Publications

For more information about Reservoir products or to purchase, please