NetHush

NetHush is a web app + lightweight desktop agent that continuously maps “shadow” network egress and unexpected tunnels that bypass your intended controls. It watches DNS, proxy, and outbound connection metadata from endpoints and key servers, then builds a living baseline of normal destinations per app/process. When a new SaaS domain, IP range, or protocol suddenly appears (or traffic starts avoiding your proxy/VPN), NetHush flags it with a plain-English explanation and a reproducible trail (process, user, device, time, destination, and first-seen context). It also checks risky patterns like direct-to-internet admin tools, split-tunnel drift, unauthorized remote access software, and DNS-over-HTTPS bypass. The goal isn’t another noisy SIEM: it’s fast, actionable “why is this box talking to that?” answers, plus one-click containment suggestions (block list export, firewall rule snippets, or EDR isolation handoff).