Purpose-built for IoT, IIoT, and IoRT environments where devices exhibit traffic patterns outside traditional network baselines. GNAT provides tools to establish behavioral baselines and identify deviations that may indicate compromise or misconfiguration in constrained, purpose-built systems.

Powered by gnat_flow, a Rust-based flow meter with AF_PACKET capture, nDPI deep packet inspection, JA4+ fingerprinting, and entropy calculation. Bidirectional flow assembly with Parquet/JSON export enables seamless integration with data pipelines for real-time monitoring and historical threat hunting.

Small, focused programs that do one thing well and combine to accomplish complex tasks. Composable CLI tools like gnat_hbos, gnat_reputation, gnat_tag, and gnat_rule can be orchestrated to build sophisticated threat hunting and anomaly detection workflows.