R-Scope Advanced Threat Detection


Real Time Threat Visibility

R-Scope delivers real-time network visibility, situational awareness, and event detection at the speed of today’s enterprise. Our enterprise-ready appliances seamlessly integrate with your IT operations, equipping your teams with easy-to-use tools to defend against rapidly evolving cyber threats.

R-Scope: Smart as a whip

Smart as a Whip

Zero-days and APTs can’t hide from R-Scope’s network visibility. R-Scope incorporates the most advanced threat intelligence technologies available with context-aware, policy-driven analytics to tease out the threats that are lurking at all levels
of your network.

R-Scope: Plays Nicely with others

Plays Nicely with Others

R-Scope easily integrates with existing network security solutions or internally developed security operations center (SOC) infrastructure, including Security Information and Event Monitoring (SIEM)

R-Scope: Accurately Identifying Threats

Better Hunting

R-Scope’s rich metadata provides the information about your network and assets that is necessary in order to fully leverage threat intelligence. Be prepared for the new generation of indicators of compromise. With R-Scope, you can easily compare and contrast metadata specific to indicators such as user-agent, certificate, ciphers, and more. Reduce false positives and increase the value of alerts.

R-Scope: Packet Capture On Demand

Packet Capture On-Demand

Between metadata capture and full-packet capture, R-Scope provides the best of both worlds. Instead of massive spending to build and maintain infrastructure to capture, store and search every packet on the network, use R-Scope to target capture of discrete packet strings based on behavioral triggers specific to your organization. Quickly leverage common triggers or create unique scripts for your environment.

R-Scope: Simple to deploy

Simple to Deploy

R-Scope’s turnkey, enterprise-ready approach seamlessly integrates with your existing network security and IT infrastructure. Tap it in, turn it on, and start gaining additional visibility into the threats on your network. It’s that easy.

R-Scope: Better than Bro

Your Bro, only Better

R-Scope brings the power of Bro to enterprise deployments. R-Scope’s patent-pending Acceleration Layer speeds packet ingestion, while R-Scope’s Manageability Layer streamlines management for admins and analysts with a seamless command-line environment.

R-Scope® puts networks under a microscope so that customers can respond to both known and zero-day attacks before they become crises.

R-Scope is a sensor that enables real-time network visibility providing unprecedented levels of situational awareness at speeds up to 20 Gbps. Our turn-key, enterprise-ready appliance seamlessly integrates into IT operations equipping teams of all sizes with the easy-to-use tools required to defend against today’s and tomorrow’s cyber attacks.

Specifically, R-Scope provides deep network visibility, advanced situational awareness, and real-time security event detection by extracting cyber-relevant data from network traffic. R-Scope leverages the richness of the Bro open-source analytics language, is architected to connect to major SIEM systems, and incorporates the most advanced threat intelligence technologies available. R-Scope is commercially available in compact, ready-to-deploy packages that fit into your environment.


Professional Services

Reservoir Labs Professional services are delivered by industry experts who are focused on providing only the highest quality training and services to your organization. Please contact us to learn more about each offering and to obtain quotes.

Training Modules

R-Scope System Administration (1 day)
Analyzing Metadata with R-Scope (1 day)
Bro-Basics (½ Day – Webinar)
How to write Broscript (1-Day, with Lab)
Advanced Broscripting (2 Days, with Lab)


Implementation/Installation Services
Security Architecture Integration
Custom Protocol Analyzer Development


Bro Powered, Enterprise Ready

Leverage the power of Bro in your enterprise with R-Scope Appliances. R-Scope is more than Bro-in-a-box; we add value above and below the Bro engine. Our R-Scope acceleration layer includes patent pending technology to accelerate packet ingest into Bro, while the R-Scope
Manageability Layer wraps the whole system in a seamless command-line environment to streamline management for over-burdened admins and assist busy analysts with productive development workflows.

R-Scope enhances bro throughout with added acceleration and manageability

R-Scope is enterprise-ready

Hardened for the Enterprise

We start with hardware purpose-built for network monitoring, and then go to extreme lengths to provide a device that is secure to run and easy to administer. Starting from a minimal Linux environment running encrypted file systems, we secure the appliance from BIOS, to OS, to application. R‑Scope is enhanced to support multiple users with multiple security roles to map to the different operational functions within an enterprise. Additionally, we provide a secure update mechanism for both internet-connected devices as well as locked down, restricted access machines.

Streamlined Development Environment

Working with researchers and practitioners, we have developed a streamlined, on-box, development environment to allow production and development Bro instances to run side-by-side. Users can write
applications in our development sandbox, and use PCAP traffic to test. When ready for deployment, the application is released into the production environment. The environment synchronization is
handled by a simple Git repository. Our goal is to keep your production sensor up and running while allowing your analysts to remain productive in development.

R-Scope's streamlined development environment allows developers to remain productive

R-Scope is partnered with many market leaders to support your integration needs.

R-Scope partners with FireEye, Splunk, ArcSight, Gigamon, Sqrrl, Hewlett Packard Enterprise, ThreatQ, Solarflare, Packetsled, Arista and many other market leaders to support your integration needs.

Avoid Integration Headaches

We make getting data into and out of the appliance as simple as possible by natively supporting the tools you already know and love. To get data into the box, use your existing Arista™ switch, or Gigamon™ packet broker. To export data, use the built in syslog or scp capability, and then visualize your data by simply connecting R-Scope to your Splunk™ instance or ArcSight™ installation. Download our Splunk app at: https://apps.splunk.com/app/1722/ to see more.

Deploy for the Long Term

R-Scope is available in a compact and efficient 1U form factor that can scale to 100’s of Gbps with cost-effective, space-and-power efficient clusters. Enterprises can choose R-Scope to fit their needs and adopt a platform for network security monitoring that truly scales.

Product detail and use cases

R-Scope PACE

R-Scope Executive Summary

R-Scope fills a void left by other Cyber Security products by offering a smarter, richer, and more complete view into your network. With today’s threat landscape, traditional signature-based protection is not enough; we must assume some threat actors will penetrate the perimeter and lurk in the network for weeks or months hunting for your most valuable assets. R-Scope enables the identifcation of sophisticated attack behaviors by today’s (and tomorrow’s) hackers with a real-time focus on what’s happening right now, in and around your network. By extracting relevant cyber security data from network traffic, R-Scope empowers analysts to react to known and zero-day attacks before damage is done.

Specifications Sheet Thumbnail

R-Scope Specifications Sheet

R-Scope® puts networks under a microscope so that customers can respond to both known and zero-day attacks before they become crises. R-Scope is a sensor that enables real-time network visibility providing unprecedented levels of situational awareness at speeds up to 100 Gbps.

SCinet Presented by Reservoir Labs and Gigamon

Created each year for the SuperComputing conference, SCinet brings to life a very high-capacity network that supports the revolutionary applications and experiments that are a hallmark of the SC conference. SCinet is made up of a diverse group of technology-leading organizations from all over the world that work together to become the backbone of SC’s highly sophisticated, high performance network. Reservoir Labs and Gigamon are a proud part of this group.

ENSIGN Cybersecurity Analytics – Solution Overview

Reservoir Labs’ new ENSIGN for Cyber solution brief from RSA 2017.



Partner Tech Talk: Multi-site Network Intrusion Analysis Case Study

Reservoir Labs and Deloitte’s tech talk at BroCon 2016


R-Scope and Splunk Solution breif from SplunkLive!

Splunk Solution Brief

Reservoir Labs and Splunk have worked together to create a solution that multiplies the effectiveness of cyber alerts and investigations with seamless CIM integration. This solution was presented at SplunkLive!

FireEye and Reservoir Labs Joint Solution Overview

Reservoir Labs and FireEye Solution Overview

Reservoir Labs and FireEye have partnered to deliver a solution that provides your security team with high fidelity alerts and introduces new ways of analyzing and cross-referencing your existing logs.  Identify and remediate threats faster by combining R-Scope’s rich metadata with FireEye’s Threat Analytics Platform.

Gigamon and Reservoir Labs solution overview

The Gigamon and Reservoir Labs Joint Solution Overview

Reservoir Labs and Gigamon have collaborated to offer customers one of the most flexible IDS deployment options coupled with robust performance. The combination of Reservoir Labs R-Scope and the Gigamon Visibility Fabric™ architecture ensures traffic is analyzed and threats are detected in real time.

Reservoir Labs / Gigamon RSA Presentation 2016

Partner Tech Talk: Providing Visibility in High Speed Networks

Reservoir Labs / Gigamon Joint Solution to the challenge of Security Operations presented at RSA 2016


Reservoir Labs / Packetsled presentation from RSA 2016

Partner Tech Talk: Breach Detection & Network Forensics

Reservoir Labs / Packetsled presentation from RSA 2016 about Alert verification in Enterprise level Bro


Reservoir Labs / Sqrrl presentation from RSA 2016

Partner Tech Talk: R-Scoping the Hunt

Reservoir Labs / Sqrrl presentation from RSA 2016 covering threat hunting with Bro


Reservoir Labs / ThreatQuotient presentation from RSA 2016

Partner Tech Talk: Maximizing Value of Threat Intelligence at the Sensor Level

Reservoir Labs / ThreatQ presentation from RSA 2016


Reservoir Labs / Splunk presentation from RSA 2016

Partner Tech Talk: Splunk and R-Scope

Presentation from RSA 2016 about Splunk integration with R-Scope


Reservoir Labs / Sqrrl Webinar on Sqrrl & R-Scope integration

Webinar: Threat Hunting with Sqrrl and R-Scope

Presentation for RSA 2016 about Sqrrl and R-Scope integration