Map threats.

Observe attack behavior.

Stay ahead of attackers and neutralize zero-day attacks.

ThreatStryker observes, correlates, learns, and acts to protect your applications and keep you one step ahead of attackers. Use ThreatStryker to …

Map the presence of threats

Deepfence ThreatStryker discovers all running containers, processes, and online hosts, and presents a live, interactive, color-coded view of the topology. It audits containers and hosts to detect vulnerable components, and interrogates configuration to identify file system, process, and network-related misconfigurations. ThreatStryker assesses compliance using industry and community standard benchmarks.

Observe anomalies in application behavior and network traffic

ThreatStryker performs deep inspection of network traffic, system, and application behavior, and accumulates suspicious events over time. Events are classified and correlated against known vulnerabilities and suspicious patterns of behavior, in order to detect active threats with minimal false positives.

Deploy targeted remediation against active threats

When suspicious patterns of behavior are detected, the intent of the behavior is deduced and ThreatStryker takes appropriate and contained remedial action. Tainted workloads are deleted, frozen, or restarted, sources of attack traffic are temporarily or permanently blocked, and alerts are raised to SIEM and monitoring systems. Attackers are stopped in their tracks, attacks are neutralized, and lateral spread is prevented.

ThreatStryker is built on the Deepfence ThreatMapper open source security observability platform. ThreatStryker extends ThreatMapper with a real-time correlation engine that matches the threat map with real-time telemetry. The correlation engine can identify attacks in progress and ThreatStryker will then deploy mitigations to neutralize attacks and prevent lateral spread.

Key features


Scan build artifacts for vulnerabilities during Continuous Integration

Scan container registries for vulnerable containers before deployment

Scan production environments for host, container and application vulnerabilities


Capture selected network traffic, decrypting TLS, to identify “Signals of Attack”

Capture “Indicators of Compromise” process and filesystem events from hosts and containers

Classify traffic and events against threat feeds and attack models


Scan hosts and containers to identify opportunities to harden configuration and security

Evaluate compliance against community and industry standard benchmarks


Automatic quarantine of workloads in the event of compromise

Automatic, targeted firewalling of attack traffic in the event of signals of attack

Fine-grained control based on attacker behavior and compliance policies

Prioritize Vulnerabilities

Classification of vulnerabilities based on CVSS scores

Ranking of vulnerabilities based on exploitability and proximity to attack surface

Single-page view of “What to Fix First” to reduce exposure to risk-of-exploit quickly


CI/CD Integration to raise build failures to Development

Fine-grained production notification, supporting multiple apps and teams

Support for Slack, PagerDuty, Teams, Jira, Splunk, ElasticSearch, SumoLogic, and more


Real-time discovery and visualization of applications in production

Topology mapping for interconnected, microservice applications

Continuous scanning of production to identify newly published vulnerabilities

Alert on Attack

Advanced correlation engine to identify attack attempts in-progress

Cyber-Kill-Chain modeling of attack, from recon through spread to exfiltration

Forensic analysis of signals and indicators across long time windows

Seamlessly integrates with…

Looking to get started with open source ThreatMapper?

ThreatStryker is built on the open source security observability platform, ThreatMapper. It’s easy to get started with ThreatMapper on GitHub. Or you can learn more and compare products to find out which one is right for you.

Ready to see ThreatStryker?