Drop a capture file. Get assets, conversations, MITRE ATT&CK findings, and Purdue topology in seconds — without standing up Wireshark, Zeek, or a SIEM.
No account needed for a 50 MB test scan. Results expire after 24 hours.
MarlinSpike was built for the OT/ICS environment — where Wireshark is necessary but insufficient, and every unrecognized protocol could be a threat.
Speaks the full stack, no config. OT protocols decoded alongside TCP/IP.
42 detection rules across Enterprise and ICS ATT&CK matrices. Every finding links to its technique — no interpretation layer required.
Assets classified automatically to Purdue levels L0–L4. Network graph rendered per scan — no manual tagging, no CMDB import.
Uploads and reports are isolated per tenant. Retention schedules enforced automatically. Your captures are not pooled or analyzed cross-account.
Drag in a .pcap, .pcapng, or .cap file. Anonymous scans need no account. Registered users get persistent history and larger caps.
MarlinSpike decodes every packet, identifies assets, classifies protocols, and evaluates 42 detection rules against your capture.
Interactive topology map, findings by severity, protocol distribution, ATT&CK technique index. Export as JSON for your SIEM or ticketing system.