Analyze traffic captures

Why it matters

Full packet captures are an invaluable source of information for incident investigation, but rarely available after the fact:

  • Traditional packet capture requires a lot of storage space
  • There is no direct linkage to alert(s) requiring further investigation
  • Traffic is captured from limited number of locations, if at all

How we can help

  • SensorFleet Traffic Recorder provides integrated traffic capturing triggered by alerts from other Instruments, for example IDS's
  • User can easily navigate to relevant traffic snapshot from the alert of interest
  • Captured snapshots are stored on Sensors triggering the alerts. This optimizes required bandwidth and provides a broad coverage
Record and play traffic captures

Bigger picture

Distributed and integrated traffic capturing speeds up incident investigation significantly. With the SensorFleet solution, users can take this capability in use simply by installing Traffic Recorder Instrument. No additional infrastructure work required. Analysis of captures can be done directly in SensorFleet solution using the integrated Arkime instance in case an analyst does not want to move captures to an external analytics solution.

Previous use case Trip attackers with canary tokens Next use case Collect forensic data

Contact us

Privacy policy »

© SensorFleet Oy
Business ID: 2884312-2


SensorFleet Oy
Teknologiantie 11
90590 Oulu

Sami Petäjäsoja
+358 40 5030745


SensorFleet Oy
Hitsaajankatu 22
00810 Helsinki

Simo Mäkipaja
+358 40 583 3999