Highest-risk adversary interactions with your deception assets. Click any row to investigate: see the source IP, MITRE technique, risk score, and recommended response.
Tracked adversary behavior across your honeypots. Each session groups detections from the same source IP, showing which decoys they touched and how persistent they are.
Your deception coverage across the AAA framework. Annoy = waste attacker time, Attribute = identify who's attacking, Act = collect intelligence. Higher bars = more coverage in that pillar.
Deployed deception assets grouped by type. Click "Full Catalog" to deploy new decoys from 30 templates covering SSH, RDP, SMB, Web, Database, ICS, and more.
Lightweight detection sensors: honeyports catch port scans, canary files detect document exfiltration, honey credentials detect credential theft.
TCP-connect scanner traffic captured before any login attempt reaches the honeypot protocol log. The majority of pre-login activity lives here.
Tailscale mesh health across ADE collector nodes. Green = heartbeat within 2 min, yellow = within 5 min, red = offline.