Dendrite

See every connection. Know every client.

Dendrite is the sensor layer at the heart of every Gen0Sec deployment. It captures every connection on the wire and identifies what's on it — what client made it, what tool sent it, what protocol it used. The fingerprints it produces feed everything else: rules, ML, alerts.

What Dendrite is for

• Identify clients without IPs. JA4+ fingerprints describe the client, not the address. The same tool from a hundred rotating IPs has the same fingerprint.
• Full JA4+ suite. TCP (JA4T), TLS (JA4 / JA4S), HTTP (JA4H), latency (JA4L), SSH (JA4SSH), DHCP (JA4D), X.509 (JA4X). One sensor, everything covered.
• Linux and Windows. Same API, same fingerprints, same downstream consumers.
• Feed anything. Fingerprints stream into Cerebellum, Amygdala, Cortex — or your own pipeline.

How it fits

Dendrite is the sensor. Everything else in the platform — Cortex's predictions, Amygdala's rules, Cerebellum's correlations — operates on the fingerprints Dendrite produces.

Use cases

• Identify a credential-stuffing tool across rotating IPs by its TLS fingerprint.
• Detect a new bot family by spotting fingerprints with no historic baseline.
• Audit your own client fleet — Dendrite shows you which TLS libraries your services actually negotiate with.
• Threat hunt across mirrored traffic without ever sitting in the data path.

See also

• Synapse documentation — the agent that ships Dendrite
• Cortex — classifies the fingerprints Dendrite emits
• Amygdala — acts on the fingerprints downstream