R-Scope® Advanced Threat Detection


Real Time Threat Visibility

R-Scope® was designed from the ground up to provide the one tool that your security team can’t live without. Our sensors power threat hunting like no other by providing an incredible amount of visibility into your network, as well as delivering sensor performance and flexibility to improve any of your existing security tools.


R-Scope for Hunt

R-Scope is Enterprise Ready

R-Scope: Accurately Identifying Threats

Better hunting, by design

Visibility alone isn’t enough. In addition to the hundreds of network, file, and protocol data points R-Scope provides, we deliver a stateful analytics engine that allows your team to receive meaningful alerts instead of flooding your SIEM with noise.

R-Scope: Better than Bro

Your IDS, only better

R-Scope brings the power of Zeek (formerly Bro IDS) to the enterprise, but it’s much more than an IDS. Our patented enhancements deliver scalable enterprise-class performance, comprehensive health monitoring and an easy-to-use management layer.

R-Scope: Smart as a whip

Operational source of truth

No more shrugs. With R-Scope’s deep visibility, you’ll have all the information you need to confidently determine if an event occurred, how it occurred, what the impact might be, and if it has been successfully remediated.

R-Scope: Simple to deploy

Goes where you need it

What good is a network security sensor if you can’t readily deploy it where your assets are? R-Scope comes in two form factors: a 10Gbps 1U appliance and a packaged virtual machine module. (R-Scope Cloud is on the way!)

R-Scope: Packet Capture On Demand

The best of both worlds

Until now, tools that offer similar functionality to R-Scope have been delivered primarily in complex, closed and expensive architectures. Our approach is more direct and effective. R-Scope provides comprehensive metadata with selective packet capture. Leveraging R-Scope’s behavioral triggers, we allow the user to decide what to capture and when, then fully automate distribution of those captured network packets to other tools or offline storage for later analysis.

R-Scope: Plays Nicely with others

Plays well with others

Integration with R-Scope is easy because we utilize the same open and flexible tools and protocols already found on your network. This means your admins are already familiar with the tools, and you’ll never have to worry about having to punch invasive holes into your network infrastructure in order to support vendor-specific management capabilities. We also include prepackaged integrations with leading 3rd party security products.

R-Scope Feeding Artificial Intelligence and Machine Learning

GIGO (it’s still a thing)

Regardless of how ‘advanced’ any security artificial intelligence or machine learning solution might be, it’s still restricted to one truth every CS student learns in his/her first week: garbage in, garbage out.

R-Scope has the richness and flexibility to provide the perfect contextual reference data to feed any advanced analytic system. Leverage R-Scope’s deep metadata for pinpoint visibility into user behaviors, traffic, applications, protocols, files, and encryption. Our on-box, customizable analytics enable data scientists, researchers, and security teams to offload lighter correlations to the sensor to reduce big-data churn and the expense that comes with it.

Don’t Go It Alone

The world of network security analytics doesn’t have to be a lonely place. R-Scope is built on the leading network-based behavioral analytics platform in the world: Zeek (formerly Bro). Backed by Reservoir Customer Support and Professional Services, you’ll always have the right resource by your side.

R-Scope’s open architecture enables our users to deploy analytics freely – those available from Reservoir Labs, the open source Zeek community, or written by your own team. The Zeek community is vibrant and growing, with new analytics released frequently. (Need to identify coin miners on your network? There’s a script for that!)

Professional Services

Reservoir Labs Professional services are delivered by industry experts who are focused on providing only the highest quality training and services to your organization. Please contact us to learn more about each offering and to obtain quotes.

Training Modules

R-Scope System Administration
Analyzing Metadata with R-Scope
Zeek (formerly Bro) Basics
How to write Broscript
Advanced Broscripting


Implementation/Installation Services
Security Architecture Integration
Custom Protocol Analyzer Development




R-Scope partners with FireEye™, Gigamon™, Splunk™, ThreatQ™, and other market leaders to support your integration needs.


Technology Partners

R-Scope is an invaluable tool in your cyber security ecosystem.  We believe it is our responsibility to ensure we integrate with the other vital security solutions you deploy, both vendor supplied and internally developed.  We’ve built R-Scope with this tenet in mind, and we continually develop and test new integrations.

Inquire about an integration →


Value Added Resellers

R-Scope partners with world class Value Added Resellers to deliver comprehensive cyber security solutions to our clients.

Find a reseller →

Become a reseller →

Solution Briefs

R-Scope Advanced Threat Detection

R-Scope is a powerful network security sensor for threat hunting and threat detection. R-Scope gives SOC analysts the right analytics and context to assess the network threat landscape and identify the most critical threats, faster. Incident Responders benefit from R-Scope’s rich historical metadata, file object extraction, and selective packet capture, ensuring rapid and thorough remediation.

R-Scope Specifications Sheet

R-Scope puts your network under a microscope to empower security analysts with the tools needed to proactively detect and prioritize remediation efforts specific to advanced threats. R-Scope is a network security appliance that provides real-time contextual visibility to shine a light into the dark spaces of your network infrastructure that traditional security solutions cannot illuminate. Our turnkey, enterprise-ready appliance seamlessly integrates into security operations, equipping teams of all sizes with a flexible tool to create new, or enhance existing workflows.

Professional Services for Cyber Security

Reservoir Labs offers services that reduce risk, accelerate adoption, enhance the value of existing tools, and arm security professionals.

SCinet: Securing the World’s Fastest and Most Powerful Network

SCinet 2018

Created each year for the SuperComputing conference, SCinet brings to life a very high-capacity network that supports the revolutionary applications and experiments that are a hallmark of the SC conference. SCinet is made up of a diverse group of technology-leading organizations from all over the world that work together to become the backbone of SC’s highly sophisticated, high performance network. Reservoir Labs and Gigamon are a proud part of this group.

ENSIGN Cybersecurity Analytics – Solution Overview

Reservoir Labs’ new ENSIGN® for Cyber solution brief.

Partner Tech Talk: Multi-site Network Intrusion Analysis Case Study

Reservoir Labs and Deloitte’s tech talk at BroCon.

Splunk Solution Brief

R-Scope and Splunk Solution breif from SplunkLive!

Reservoir Labs and Splunk have worked together to create a solution that multiplies the effectiveness of cyber alerts and investigations with seamless CIM integration. This solution was presented at SplunkLive!

Reservoir Labs and FireEye Solution Overview

FireEye and Reservoir Labs Joint Solution Overview

Reservoir Labs and FireEye have partnered to deliver a solution that provides your security team with high fidelity alerts and introduces new ways of analyzing and cross-referencing your existing logs.  Identify and remediate threats faster by combining R-Scope’s rich metadata with FireEye’s Threat Analytics Platform.

Reservoir Labs and Gigamon Solution Overview

With a hyper focus on what’s happening at any moment in and around the network, the joint Gigamon and Reservoir Labs solution gives security professionals the visibility they need to hunt for and identify sophisticated and targeted attack behaviors, reference historical data when necessary, and link non-obvious data patterns across the network to detect and stop threats in real time.

Partner Tech Talk: Providing Visibility in High Speed Networks

Reservoir Labs / Gigamon RSA Presentation 2016

Reservoir Labs / Gigamon Joint Solution to the challenge of Security Operations presented at RSA.

Partner Tech Talk: Breach Detection & Network Forensics

Reservoir Labs / Packetsled presentation from RSA 2016

Reservoir Labs / Packetsled presentation at RSA about Alert verification in Enterprise level Bro (now zeek).

Partner Tech Talk: Maximizing Value of Threat Intelligence at the Sensor Level

Reservoir Labs / ThreatQuotient presentation from RSA 2016

Reservoir Labs / ThreatQ presentation at RSA.