Purpose-built for the unique challenges of IoT environments: diverse device types, proprietary protocols, and distributed architectures. Galileo processes network flow records to detect anomalies, unauthorized communications, and suspicious behavior patterns specific to IoT ecosystems.

Comprehensive flow enrichment with nDPI protocol identification and over 40 network metrics including entropy analysis, packet timing, and behavioral patterns. Captures live traffic and generates structured data in Apache Arrow and Parquet formats for both real-time monitoring and historical threat hunting.

Built on Unix principles with composable command-line tools that combine to create sophisticated analytics pipelines. User-friendly open-source licensing enables you to audit, modify, and extend the toolkit while eliminating vendor lock-in and integrating seamlessly with existing infrastructure.