Free & Open Source

Enterprise Security with Distributed Threat Hunting

One node's detection → everyone's protection

Stop paying $50K+/year for cloud SIEMs that can't protect your edge. Deploy a complete SOC on a Raspberry Pi in 5 minutes. Free forever.

$0: Forever Free
<5min: Deploy Time
50K+: Detection Rules
100%: Self-Hosted

HookProbe 7-POD Mesh Architecture

Runs on hardware you already own

Raspberry Pi, Banana Pi, Radxa, Waveshare, NVIDIA Jetson, Intel NUC, Any ARM64 / x86_64

From $35 Raspberry Pi to enterprise servers - same protection, same simplicity

Deploy in One Command

No complex setup. No consultants. Just paste and go.

hookprobe@edge:~
$ git clone https://github.com/hookprobe/hookprobe.git
$ cd hookprobe && sudo ./install.sh

Works on Linux with Ubuntu, Open vSwitch, OpenFlow, and Podman installed

The Problem With Traditional SOCs

Enterprise security tools weren't built for the edge. Here's what you're dealing with:

Obscene Costs

Splunk, Elastic, CrowdStrike - they all want $50,000+/year. For most teams, that's the entire security budget.

HookProbe: $0 forever. AGPL licensed.

Cloud Lock-in

Your security data sits on someone else's servers. You pay per GB, per user, per everything.

HookProbe: 100% self-hosted. Your data, your hardware.

Edge Blind Spots

Cloud SIEMs can't see what's happening at your branch offices, retail locations, or IoT networks.

HookProbe: Deploy at every edge. Full visibility.

Complexity Overload

Weeks of setup, consultants, training, certifications. Security shouldn't require a PhD.

HookProbe: 5-minute deploy. Works out of the box.

What You Get With HookProbe

Enterprise-grade security tools, pre-configured and ready to protect your network.

NAPSE Engine

AI-native IDS/NSM/IPS with sub-millisecond alert latency, 50,000+ detection rules, and 10x less resource usage than legacy tools.

Sub-50ms Response

Automated threat containment with playbook-driven response. No waiting for cloud round-trips.

Real-Time Dashboard

Beautiful XSOC dashboard with live threat feeds, network maps, and incident timelines.

Qsecbit Score

Quantified security posture (0-100) updated in real-time. Know exactly where you stand.

The HTP-DSM-NEURO-QSECBIT-NSE Stack

Five integrated protocols form the backbone of distributed threat hunting. One node's detection becomes everyone's protection.

HTP

Transport Protocol

Keyless, post-quantum secure transport with NAT traversal. Adaptive streaming across UDP/TCP with anti-blocking fallback.

DSM

Decentralized Mesh

Byzantine fault-tolerant consensus. 2/3 quorum validates threats. Microblocks with BLS signatures ensure integrity.

NEURO

Neural Resonance

Living cryptography where neural weights become keys. Device identity through deterministic weight evolution.

QSECBIT

Security Metric

Real-time resilience scoring (0-100%). L2-L7 detection across 27 attack types. GREEN/AMBER/RED status.

NSE

Synaptic Encryption

Keys emerge from neural state - nobody knows the password. Ephemeral, bound to hardware, temporally unique.

Distributed Mesh Threat Hunting: All edge nodes (Sentinel, Guardian, Fortress, Nexus) form a mesh using HTP transport. When any node detects a threat, it creates a cryptographic microblock and broadcasts via DSM. After 2/3 consensus, all nodes block the threat instantly. Privacy preserved - only anonymized signatures shared, never raw data.

The 7-POD Architecture

Each POD is a specialized security container designed for edge deployment. Together, they form a complete autonomous SOC.

NAPSE POD

AI-Native Packet Analysis with NAPSE Engine

Unified IDS/NSM/IPS with 16 protocol parsers, ML inference, and sub-millisecond alert latency.

AEGIS POD

Autonomous AI Defense Orchestration

8 specialized AI agents for cross-layer threat reasoning and autonomous response.

Log Management POD

Centralized Security Event Logging

ClickHouse-powered log aggregation with real-time search and correlation.

Threat Intelligence POD

Automated Threat Feed Integration

MISP and STIX/TAXII feeds for up-to-date IOC matching and threat enrichment.

Vulnerability POD

Continuous Vulnerability Assessment

Automated scanning with CVE correlation and risk prioritization.

Response POD

AI-Driven Incident Response Automation

Playbook-based automated response with human-in-the-loop escalation.

XSOC Dashboard

Unified Security Operations Center

Single-pane-of-glass visibility with Qsecbit scoring and real-time alerts.

Our Products

Five tiers of deployment - edge nodes form a distributed mesh, MSSP provides centralized management.

hookprobe@products ~ select-tier
$ hookprobe describe sentinel

HookProbe Sentinel Free Tier

The Watchful Eye - a lightweight validator service designed for getting started with HookProbe. Sentinel provides essential edge node validation and health monitoring, perfect for testing the platform or protecting a single device.

DEVICES: 1 Device
RAM REQUIRED: 256MB
HARDWARE COST: ~$25
PRICE: Free Forever
1 Device Limit, Edge Validation, Health Monitoring, Mesh Connectivity, 7-Day Retention

$ hookprobe describe guardian

HookProbe Guardian Personal Plan

The Perfect Mesh for Individuals. Create a protective mesh with up to 3 devices - one of each type. Perfect for small business owners like Mr. George's pizza bakery: a Fortress router for shop WiFi, a Guardian for travel protection, and a Sentinel watchdog.

DEVICES: 3 Devices
CONSTRAINT: 1 Per Type
RETENTION: 30 Days
PRICE: €9/month
1 Sentinel + 1 Guardian + 1 Fortress, L2-L7 Detection, Real-time Threat Intel, API Access, Mesh Connected

$ hookprobe describe fortress

HookProbe Fortress Business Plan

Your Digital Stronghold - designed for growing businesses needing multi-site protection. Create up to 3 tenants with 9 devices shared across them. Perfect for businesses with multiple locations, franchises, or complex security requirements.

TENANTS: Up to 3
DEVICES: 9 Total
RETENTION: 90 Days
PRICE: €29/month
Multi-Tenant, Shared Device Pool, Priority Support, Webhooks, Advanced Analytics, GDPR Compliant

$ hookprobe describe nexus

HookProbe Nexus ML/AI Compute

The Regional Brain - an ML/AI compute hub for advanced threat detection, analytics, and intelligence processing. GPU-accelerated machine learning, long-term data retention, and federated learning coordination for security operations at scale. Currently in development.

DEPLOYMENT: Server / Cloud
RAM REQUIRED: 16GB+
GPU: Recommended
STATUS: In Development
GPU Acceleration, ClickHouse Analytics, Federated Learning, Multi-Tenant, Edge Orchestration, Threat Intelligence

$ hookprobe describe mssp

HookProbe MSSP Central Brain

The Central Brain - a self-hosted management platform that aggregates all edge nodes into a single pane of glass. MSSP provides unified IAM, multi-tenant device management, and centralized security monitoring for the entire distributed mesh. Stand-alone, self-controlled.

DEPLOYMENT: Self-Hosted
RAM REQUIRED: 8GB+ (POC) / 16GB+ (Prod)
MANAGES: Unlimited Edges
LICENSE: Commercial
Single Pane of Glass, HTP Protocol, Multi-Tenant IAM, Mesh Aggregation, Qsecbit API, n8n Automation

What is Qsecbit?

Qsecbit is HookProbe's proprietary quantum-resilient security metric. Unlike traditional security scores that rely on point-in-time assessments, Qsecbit provides continuous, real-time measurement of your infrastructure's true security posture.

Protection Status

🟢 > 55% GREEN All clear · Protected
🟡 30-55% AMBER Monitoring · Stay alert
🔴 < 30% RED Under attack · Defending
Qsecbit Score: 87% 🟢 Protected

Who Uses HookProbe?

From home labs to enterprise edge networks - HookProbe protects them all.

Home Lab Enthusiasts

Protect your self-hosted services, NAS, and home network with enterprise-grade security on a Raspberry Pi.

Perfect for: Proxmox, TrueNAS, Home Assistant

Small Businesses

Get SOC-level protection without the SOC-level budget. Protect your office network, POS systems, and remote workers.

Perfect for: Retail, Clinics, Law Firms

MSPs & MSSPs

Deploy HookProbe at every client site for centralized monitoring. One dashboard, unlimited endpoints.

Perfect for: Multi-tenant security

Security Researchers

Full packet capture, NAPSE detection logs, and AEGIS AI analysis for your honeypots, malware labs, and CTF environments.

Perfect for: Threat hunting, CTF, Research

Industrial / OT Networks

Air-gapped, offline-capable IDS for manufacturing, utilities, and critical infrastructure.

Perfect for: SCADA, PLCs, ICS

Education & Training

Teach cybersecurity with real tools. Students deploy, configure, and operate a full SOC stack.

Perfect for: Universities, Bootcamps

Frequently Asked Questions

Is HookProbe really free?

Yes, HookProbe is 100% free and open-source under the AGPL license. No subscription fees, no cloud costs, no per-user pricing. You own your data and infrastructure completely.

Why choose HookProbe over commercial SIEMs?

Commercial SIEMs typically cost $50,000+/year and require cloud connectivity. HookProbe is free, runs on low-cost hardware like Raspberry Pi, and operates at the edge without cloud dependency. Enterprise-grade detection, zero cost.

Can HookProbe run on Raspberry Pi?

Absolutely. HookProbe is optimized for Raspberry Pi 4/5, NVIDIA Jetson, and any ARM64/x86_64 device. A single Raspberry Pi 5 can monitor networks with 50+ devices.

How long does deployment take?

Under 5 minutes. Run our automated installer on any Linux device, and all 7 PODs are automatically configured and protecting your network. No consultants required.

Does HookProbe need cloud connectivity?

No. HookProbe is 100% self-hosted and works completely offline. All threat detection, log analysis, and incident response happens locally. Your data never leaves your network.

What security tools are included?

NAPSE for unified AI-native detection (50,000+ rules, sub-ms latency), AEGIS for autonomous AI defense, ClickHouse for log management, MISP for threat intel, plus automated response playbooks.

What is Qsecbit?

Qsecbit is HookProbe's real-time security score (0-100%) that measures your infrastructure's actual security posture. Score above 55% means GREEN (Protected), 30-55% is AMBER (Stay alert), below 30% is RED (Under attack). Updates continuously based on threat activity and defense effectiveness.

Who is HookProbe for?

Home lab enthusiasts, small businesses, MSPs, security researchers, and anyone who wants enterprise-grade security without enterprise costs. If you have devices on a network, HookProbe can protect them.

Stop Overpaying for Security

Your first Raspberry Pi SOC is 5 minutes away. No credit card. No sales calls. Just security.

Open source. Self-hosted. Free forever.
