Using Pulsar pub/sub for analytics, some scale/performance wins over RabbitMQ.


The full documentation is here.


Cyberprobe is a network packet inspection toolkit (Deep Packet Inspection) for real-time monitoring of networks. This has applications in network monitoring, intrusion detection, forensic analysis, and as a defensive platform. Cyberprobe packet inspection works on physical networks, and also in cloud VPCs. There are features that allow cloud-scale deployments.

This is not a single, monolithic intrusion detection toolkit which does everything you want straight out of the box. If that’s what you need, I would suggest you look elsewhere. Instead, Cyberprobe is a set of flexible components which can be combined in many ways to manage a wide variety of packet inspection tasks. If you want to build custom network analytics, there are many interfaces that make this straightforward.

The project maintains a number of components, including:


The probe, cyberprobe, has the following features:


The monitor tool, cybermon, has the following features:


The event stream from cybermon can be presented to RabbitMQ in JSON form, which can then be delivered to further analytics:


The architecture has support for AWS Traffic Mirroring, and supports cloud-scale deployments:

More information

The easiest way to learn about the software is to follow our Quick Start tutorial.

Discuss cyberprobe on Google Groups at


Obtaining the Software. GitHub download page here.
Docker Compose configuration Cybermon, ES, Gaffer
Cyberprobe, snort, ES, Gaffer
Kibana configuration JSON