Sourcefire released a new open source framework for deep data packet inspection.
Razorback (formerly known as Near Real-Time Detection) enables users to collect, analyze and store threat data from different technologies and vendors, so that they can implement customized enterprise- and threat-specific detection and remediation.
According to Securityweek.com, Razorback is designed to act as an overlay solution and deliver centralized correlation, analysis and action by coordinating IDR processes using custom-built and existing security tools such as anti-virus, IDS, gateways, email, etc.
IDR allows users to feed the information learned about specific attackers back into their security infrastructure for a customizable response. Razorback provides deep analysis and reporting by storing identified pieces of data that could indicate a compromise or attack, and it specifically highlights the components of that data which cause the system to trigger an alert.
Razorback is available for free and can be downloaded at: http://labs.snort.org/razorback