Analyze traffic captures
Why it matters
Full packet captures are an invaluable source of information for incident investigation, but they are rarely available after the fact:
- Traditional packet capture requires a lot of storage space
- There is no direct linkage between an alert requiring further investigation and the traffic behind it
- Traffic is captured from a limited number of locations, if at all
How we can help
- SensorFleet Traffic Recorder provides integrated traffic capturing triggered by alerts from other Instruments, for example IDSs
- Users can navigate directly from the alert of interest to the relevant traffic snapshot
- Captured snapshots are stored on the Sensors that raised the alerts. This keeps the required bandwidth low and gives broad coverage
Bigger picture
Distributed and integrated traffic capturing speeds up incident investigation significantly. With the SensorFleet solution, users can start using this capability simply by installing the Traffic Recorder Instrument; no additional infrastructure work is required. Captures can be analyzed directly in the SensorFleet solution using the integrated Arkime instance if an analyst does not want to move them to an external analytics solution.
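As an added illustration of the alert-triggered snapshot model described above (example code written for this page, not SensorFleet's own implementation): each sensor keeps a ring buffer of recent packets, an IDS alert cuts out only the alerting flow's packets around the alert time, and the snapshot stays on that sensor keyed by the alert ID so an analyst can jump from alert to traffic. The Packet, Alert and SensorRecorder types and the sample traffic are constructed for the example.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float        # capture timestamp in seconds
    src: str
    dst: str
    payload: bytes


@dataclass(frozen=True)
class Alert:
    alert_id: str    # ID the analyst sees in the alert view
    ts: float
    src: str
    dst: str


class SensorRecorder:
    """Per-sensor ring buffer; alerts carve flow snapshots out of it."""

    def __init__(self, sensor_id: str, max_packets: int = 10_000):
        self.sensor_id = sensor_id
        self.ring = deque(maxlen=max_packets)   # bounded, so disk/RAM use is capped
        self.snapshots: dict[str, list[Packet]] = {}  # alert_id -> packets, kept locally

    def capture(self, pkt: Packet) -> None:
        self.ring.append(pkt)

    def on_alert(self, alert: Alert, window: float = 2.0) -> list[Packet]:
        """Keep only the alerting flow's packets within +/- window seconds of the alert."""
        flow = frozenset((alert.src, alert.dst))
        snap = [p for p in self.ring
                if frozenset((p.src, p.dst)) == flow and abs(p.ts - alert.ts) <= window]
        self.snapshots[alert.alert_id] = snap
        return snap

    def snapshot_for(self, alert_id: str):
        """Alert-to-traffic lookup; None if this sensor holds no snapshot for the alert."""
        return self.snapshots.get(alert_id)


# Constructed sample traffic: two flows, one of which later raises an IDS alert.
SAMPLE_PACKETS = [
    Packet(100.0, "10.0.0.5", "192.0.2.10", b"GET /"),
    Packet(100.5, "10.0.0.7", "192.0.2.20", b"SYN"),          # unrelated flow
    Packet(101.0, "192.0.2.10", "10.0.0.5", b"200 OK"),       # reverse direction, same flow
    Packet(101.5, "10.0.0.5", "192.0.2.10", b"GET /admin"),
    Packet(105.0, "10.0.0.5", "192.0.2.10", b"GET /later"),   # outside the +/- 2 s window
]
SAMPLE_ALERT = Alert("alert-0001", 101.2, "10.0.0.5", "192.0.2.10")


def demo() -> SensorRecorder:
    recorder = SensorRecorder("sensor-A")
    for pkt in SAMPLE_PACKETS:
        recorder.capture(pkt)
    recorder.on_alert(SAMPLE_ALERT)   # triggered by the IDS alert, stored on sensor-A
    return recorder
```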