← Back to homepage

Annotator Catalog

Syndu annotates all incoming traffic, looking for specific behavioral signals. Each annotator represents one “signal family” that can be explained, audited, and linked to real observed entities (IPs, subnets, orgs/ISPs, countries, cities) captured by the suite.

Start typing to filter the annotators below. Use the dropdown to jump quickly by code or name.

code bot

Automated client behavior

Signal intent: Traffic patterns strongly suggest automation rather than a human-operated browser.

Explore bot annotator →

code ua

User-Agent anomaly

Signal intent: User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.

Explore ua annotator →

code ref

Referrer abuse

Signal intent: Referrer patterns look manipulated, irrelevant, or inconsistent with normal navigation.

Explore ref annotator →

code request_size

Request size anomaly

Signal intent: Requests are unusually large or shaped in a way that suggests abuse or automation.

Explore request_size annotator →

code scan_velocity

Scan velocity

Signal intent: High request rate and broad endpoint coverage suggest scanning or automated enumeration.

Explore scan_velocity annotator →

code proto

Protocol anomaly

Signal intent: Request structure or protocol-level signals deviate from typical browser HTTP traffic.

Explore proto annotator →

code method

HTTP method anomaly

Signal intent: Unusual or unexpected HTTP methods observed for the target endpoints.

Explore method annotator →

code sfp

Sensitive file probing

Signal intent: Requests target commonly sensitive files, configs, backups, or administrative resources.

Explore sfp annotator →

code trav

Path traversal attempts

Signal intent: Request paths/parameters resemble attempts to access files outside intended directories.

Explore trav annotator →

code fwprobe

Firewall probing

Signal intent: Traffic behavior suggests probing of access controls and protected surfaces.

Explore fwprobe annotator →

code cred

Credential brute forcing

Signal intent: Repeated authentication attempts consistent with password guessing or credential stuffing.

Explore cred annotator →

code cmdi

Command injection attempts

Signal intent: Request content resembles attempts to execute OS commands via an application.

Explore cmdi annotator →

code injg

General injection attempts

Signal intent: Suspicious input patterns consistent with injection-like probing across multiple families.

Explore injg annotator →

code sqli

SQL injection attempts

Signal intent: Input patterns resemble attempts to manipulate SQL queries via application parameters.

Explore sqli annotator →

code hdrinj

Header injection attempts

Signal intent: Input patterns suggest attempts to manipulate headers or downstream header parsing.

Explore hdrinj annotator →

Annotator Catalog

Confirm Action