Skip to main content

Frequently Asked Questions

General

What is the NDR engine?

NDR (Lightweight Generalized Grammar Transform Plus) is our proprietary detection engine combining behavioral analysis with multi-valued logic. It detects threats unknown to signatures by analyzing network flow patterns rather than matching known attack signatures.

Does the agent capture packet contents?

No. The agent captures only flow metadata (source/destination IP, port, protocol, byte counts, timing). Packet payloads are never captured, stored, or transmitted. This is important for GDPR compliance — no personal communication content is processed.

Where is my data stored?

All data is stored in the EU (Frankfurt, Germany) on Supabase PostgreSQL with row-level security. No data leaves the EU. See our Privacy Policy for details.

How is NetSenX different from Snort/Suricata?

Snort and Suricata use signature-based detection — they match traffic against known attack patterns. NetSenX uses behavioral detection — it learns what normal looks like and detects deviations. This means NetSenX can detect zero-day attacks and novel threats that signature-based tools miss.

Agent

Does the agent affect network performance?

No. The agent operates in passive mode — it observes network connections without injecting or modifying any traffic. CPU and memory usage is minimal (typically under 2% CPU, 100 MB RAM).

What happens if the agent loses internet connection?

Alerts are queued locally and sent when connectivity is restored. The agent continues monitoring even without backend connectivity. After 7 days offline, the agent enters degraded mode (free-tier rules only) as a license safety measure.

Can I run the agent without root/admin privileges?

On Linux, the agent needs CAP_NET_RAW capability for packet capture:

sudo setcap cap_net_raw+eip $(which netsenx-agent)

Alternatively, the agent can use psutil (no special privileges) for connection-level monitoring instead of raw packet capture.

How often does the agent phone home?

  • Heartbeat: Every 60 seconds (lightweight, ~200 bytes)
  • Config pull: Every 5 minutes (rules, whitelist updates)
  • Alert upload: Real-time when detections occur
  • Auto-update check: Every 24 hours
  • License verification: Every 24 hours

Can I run multiple agents on one machine?

Yes, but each agent needs a unique NETSENX_AGENT_ID and should monitor a different network interface.

Billing

What happens when my subscription expires?

DayStatusAccess
Day 1-4Grace periodFull access with warning banner
Day 5+DegradedFree plan (3 devices, 8 rules, 30-day retention)
Day 90+Data deletionData may be permanently deleted

Your data is preserved for 90 days after expiry. Renewing restores full access immediately.

Can I cancel anytime?

Yes. Go to Billing -> Manage Subscription -> Cancel. Your plan remains active until the end of the current billing period. No refunds for partial periods.

Do you offer annual billing?

Yes. Annual billing saves 17% (pay for 10 months, get 12). Switch in Billing -> Annual/Monthly toggle.

What is a perpetual license?

Enterprise customers can purchase a one-time perpetual license. The agent verifies the license offline using RSA-4096 signatures — no ongoing server communication required for license validation. Support is billed separately on an annual basis.

Do you offer discounts for non-profits or education?

Contact us at sales@netsenx.com for special pricing.

Security

Is the dashboard accessible from the internet?

Yes, at app.netsenx.com. Access is protected by:

  • Supabase Auth (email + password)
  • Optional 2FA (TOTP)
  • IP whitelisting (configurable)
  • Session management with revocation
  • CSRF protection and rate limiting

What security certifications does NetSenX have?

NetSenX is built with security-first architecture including:

  • Encryption at rest and in transit (TLS 1.3)
  • Row-level security in PostgreSQL (tenant isolation)
  • GDPR-compliant data processing
  • NIS2-aligned security monitoring
  • OWASP Top 10 protections (CSP, XSS, CSRF, SQLi prevention)

Formal SOC 2 certification is planned.

How do I report a security vulnerability?

Email security@netsenx.com with details. We follow responsible disclosure practices and aim to acknowledge reports within 48 hours.

Compliance

Is NetSenX sufficient for NIS2 compliance?

NetSenX addresses several NIS2 requirements (incident detection, reporting, audit trails) but NIS2 compliance requires a holistic approach including organizational measures, policies, and training. NetSenX is a tool that supports your compliance program — it is not a complete NIS2 solution on its own.

Can I use NetSenX reports for regulatory submissions?

Yes. NIS2 Art.23 and GDPR Art.33 PDF reports include all information required for CSIRT and DPA notifications. However, you should review and supplement reports with organization-specific context before submission.