R-Scope® Advanced Threat Detection


Real Time Threat Visibility

R-Scope® was designed from the ground up to provide the one tool that your security team can’t live without. Our sensors power threat hunting like no other by providing an incredible amount of visibility into your network, as well as delivering sensor performance and flexibility to improve any of your existing security tools.


Meet R-Scope – the best network security tool you’ve (probably) never heard of…

R-Scope for Hunt

R-Scope is Enterprise Ready

R-Scope: Accurately Identifying Threats

Better hunting, by design

Visibility alone isn’t enough. In addition to the hundreds of network, file, and protocol data points R-Scope provides, we deliver a stateful analytics engine that allows your team to receive meaningful alerts instead of flooding your SIEM with noise.

R-Scope: Better than Bro

Your IDS, only better

R-Scope brings the power of Zeek (formerly Bro IDS) to the enterprise, but it’s much more than an IDS. Our patented enhancements deliver scalable enterprise-class performance, comprehensive health monitoring and an easy-to-use management layer.

R-Scope: Smart as a whip

Operational source of truth

No more shrugs. With R-Scope’s deep visibility, you’ll have all the information you need to confidently determine if an event occurred, how it occurred, what the impact might be, and if it has been successfully remediated.

R-Scope: Simple to deploy

Goes where you need it

What good is a network security sensor if you can’t readily deploy it where your assets are? R-Scope comes in two form factors: a 10Gbps 1U appliance and a packaged virtual machine module. (R-Scope Cloud is on the way!)

R-Scope: Packet Capture On Demand

The best of both worlds

Until now, tools that offer similar functionality to R-Scope have been delivered primarily in complex, closed and expensive architectures. Our approach is more direct and effective. R-Scope provides comprehensive metadata with selective packet capture. Leveraging R-Scope’s behavioral triggers, we allow the user to decide what to capture and when, then fully automate distribution of those captured network packets to other tools or offline storage for later analysis.

R-Scope: Plays Nicely with others

Plays well with others

Integration with R-Scope is easy because we utilize the same open and flexible tools and protocols already found on your network. This means your admins are already familiar with the tools, and you’ll never have to worry about having to punch invasive holes into your network infrastructure in order to support vendor-specific management capabilities. We also include prepackaged integrations with leading 3rd party security products.

R-Scope Feeding Artificial Intelligence and Machine Learning

GIGO (it’s still a thing)

Regardless of how ‘advanced’ any security artificial intelligence or machine learning solution might be, it’s still restricted to one truth every CS student learns in his/her first week: garbage in, garbage out.

R-Scope has the richness and flexibility to provide the perfect contextual reference data to feed any advanced analytic system. Leverage R-Scope’s deep metadata for pinpoint visibility into user behaviors, traffic, applications, protocols, files, and encryption. Our on-box, customizable analytics enable data scientists, researchers, and security teams to offload lighter correlations to the sensor to reduce big-data churn and the expense that comes with it.

Don’t Go It Alone

The world of network security analytics doesn’t have to be a lonely place. R-Scope is built on the leading network-based behavioral analytics platform in the world: Zeek (formerly Bro). Backed by Reservoir Customer Support and Professional Services, you’ll always have the right resource by your side.

R-Scope’s open architecture enables our users to deploy analytics freely – those available from Reservoir Labs, the open source Zeek community, or written by your own team. The Zeek community is vibrant and growing, with new analytics released frequently. (Need to identify coin miners on your network? There’s a script for that!)

Professional Services

Reservoir Labs Professional Services are delivered by industry experts who are focused on providing only the highest quality training and services to your organization. Please contact us to learn more about each offering and to obtain quotes.

Training Modules

R-Scope System Administration
Analyzing Metadata with R-Scope
Zeek (formerly Bro) Basics
How to write Broscript
Advanced Broscripting


Implementation/Installation Services
Security Architecture Integration
Custom Protocol Analyzer Development




R-Scope partners with FireEye™, Gigamon™, Splunk™, ThreatQ™, Sqrrl, and other market leaders to support your integration needs.

Technology Partners

R-Scope is an invaluable tool in your cyber security ecosystem. We believe it is our responsibility to ensure we integrate with the other vital security solutions you deploy, both vendor supplied and internally developed. We’ve built R-Scope with this tenet in mind, and we continually develop and test new integrations.



Value Added Resellers

R-Scope partners with world class Value Added Resellers to deliver comprehensive cyber security solutions to our clients.


Solution Briefs

R-Scope Executive Summary

R-Scope fills the void left by other cyber security products by offering a smarter, richer, and more complete view into your network. With today’s threat landscape, traditional signature-based protection is not enough; behavioral analytics built on deep network visibility provide an additional layer of security to detect threats originating from inside or outside of your network. By extracting relevant cyber security data from network traffic, R-Scope empowers analysts to react to known and zero-day attacks before damage is done.


R-Scope Specifications Sheet

R-Scope puts your network under a microscope to empower security analysts with the tools needed to proactively detect and prioritize remediation efforts specific to advanced threats. R-Scope is a network security appliance that provides real-time contextual visibility to shine a light into the dark spaces of your network infrastructure that traditional security solutions cannot illuminate. Our turnkey, enterprise-ready appliance seamlessly integrates into security operations, equipping teams of all sizes with a flexible tool to create new workflows or enhance existing ones.

Professional Services for Cyber Security

Reservoir Labs offers services that reduce risk, accelerate adoption, enhance the value of existing tools, and arm security professionals.

SCinet: Securing the World’s Fastest and Most Powerful Network

Created each year for the SuperComputing conference, SCinet brings to life a very high-capacity network that supports the revolutionary applications and experiments that are a hallmark of the SC conference. SCinet is made up of a diverse group of technology-leading organizations from all over the world that work together to become the backbone of SC’s highly sophisticated, high performance network. Reservoir Labs and Gigamon are a proud part of this group.

ENSIGN Cybersecurity Analytics – Solution Overview

Reservoir Labs’ new ENSIGN® for Cyber solution brief from RSA 2017.



Partner Tech Talk: Multi-site Network Intrusion Analysis Case Study

Reservoir Labs and Deloitte’s tech talk at BroCon.


R-Scope and Splunk Solution Brief from SplunkLive!

Splunk Solution Brief

Reservoir Labs and Splunk have worked together to create a solution that multiplies the effectiveness of cyber alerts and investigations with seamless CIM integration. This solution was presented at SplunkLive!

FireEye and Reservoir Labs Joint Solution Overview

Reservoir Labs and FireEye Solution Overview

Reservoir Labs and FireEye have partnered to deliver a solution that provides your security team with high fidelity alerts and introduces new ways of analyzing and cross-referencing your existing logs. Identify and remediate threats faster by combining R-Scope’s rich metadata with FireEye’s Threat Analytics Platform.

The Gigamon and Reservoir Labs Joint Solution Overview

The joint Gigamon and Reservoir Labs solution gives security professionals the visibility they need to hunt for and identify sophisticated and targeted attack behaviors, reference historical data when necessary, and link non-obvious data patterns across the network to detect and stop threats in real time.

Reservoir Labs / Gigamon RSA Presentation 2016

Partner Tech Talk: Providing Visibility in High Speed Networks

Reservoir Labs / Gigamon Joint Solution to the challenge of Security Operations presented at RSA.



Reservoir Labs / Packetsled presentation from RSA 2016

Partner Tech Talk: Breach Detection & Network Forensics

Reservoir Labs / Packetsled presentation at RSA about alert verification in enterprise-level Bro (now Zeek).



Reservoir Labs / Sqrrl presentation from RSA 2016

Partner Tech Talk: R-Scoping the Hunt

Reservoir Labs / Sqrrl presentation at RSA covering threat hunting with Bro (now Zeek).
Sqrrl has been acquired by Amazon Web Services since the release of this presentation. If you are interested in learning more about past integration between R-Scope and Sqrrl, please contact us.



Reservoir Labs / ThreatQuotient presentation from RSA 2016

Partner Tech Talk: Maximizing Value of Threat Intelligence at the Sensor Level

Reservoir Labs / ThreatQ presentation at RSA.



Reservoir Labs / Splunk presentation from RSA 2016

Partner Tech Talk: Splunk and R-Scope

Presentation at RSA on Splunk integration with R-Scope.



Reservoir Labs / Sqrrl Webinar on Sqrrl & R-Scope integration

Webinar: Threat Hunting with Sqrrl and R-Scope

Presentation at RSA on Sqrrl and R-Scope integration.