Endace Applied Watch Command Center - Data Mining

While wire-speed data capture can provide a critical history of network events, the ability to mine this content for specific traffic can be the difference between merely collecting bulk data and gleaning more critical information. The Endace Applied Watch Command Center provides sophisticated data mining capabilities that complement NinjaProbe’s leading write-to-disk performance, extensible storage capacity and IDS rule matching engine. Once a rule is matched, or an alert condition is raised, the EAWCC can be used to select captured data from before, during, or after the alarm event. NinjaProbe maintains a fully rotating capture file that, in its base configuration and by way of example, can store nearly 5 hours of data captured at 5 Gb/s.

Stored data can be filtered as part of the mining process. Leveraging NinjaProbe’s 5-tuple hardware filtering on source and destination IP address, source and destination port, and protocol number, granular data searches can be performed immediately. The selected data of specific interest can then be exported in the standard .pcap file format, facilitating the use of existing analytical and forensic applications. NinjaProbe’s forwarding API provides ready access for any third-party application that needs to interrogate captured files and retrieve selected information.
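The 5-tuple selection described above, as an added example that is not Endace or NinjaProbe code: a small pure-Python reader and writer for the classic libpcap format, a 5-tuple extractor for Ethernet/IPv4 frames, and a filter that keeps only the records matching the requested source/destination address, protocol and ports, then re-serialises them as a standalone .pcap for Wireshark or any other forensic tool. The sample capture is constructed inline (addresses from documentation ranges); the page describes this matching being done in NinjaProbe hardware, whereas here it is done in software to show the logic.

```python
"""Five-tuple filtering of a stored packet capture (added example, not product code)."""
import io
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1


def build_ipv4_packet(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Constructed sample frame: Ethernet II + IPv4 + minimal TCP (6) or UDP (17) header."""
    eth = b"\x00" * 12 + b"\x08\x00"                       # zero MACs, EtherType IPv4
    if proto == 6:   # TCP: ports, seq, ack, data offset 5, SYN flag, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    elif proto == 17:  # UDP: ports, length, checksum (left zero in this sample)
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:
        l4 = b""
    total_len = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + l4 + payload


def write_pcap(packets):
    """Serialise (timestamp, frame) pairs into a classic pcap byte string."""
    buf = io.BytesIO()
    # global header: magic, major 2, minor 4, tz offset, sigfigs, snaplen, link type
    buf.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
    for ts, pkt in packets:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        buf.write(struct.pack("<IIII", sec, usec, len(pkt), len(pkt)))
        buf.write(pkt)
    return buf.getvalue()


def read_pcap(data):
    """Yield (timestamp, frame) records from classic pcap bytes; both byte orders handled."""
    if len(data) < 24:
        raise ValueError("truncated pcap header")
    endian = "<" if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC else ">"
    if struct.unpack(endian + "I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a classic pcap file")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield sec + usec / 1_000_000, data[off:off + incl_len]
        off += incl_len


def five_tuple(pkt):
    """Return (src, dst, proto, sport, dport) for an Ethernet/IPv4 frame, or None."""
    if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
        return None
    ihl = (pkt[14] & 0x0F) * 4
    proto = pkt[23]
    src = socket.inet_ntoa(pkt[26:30])
    dst = socket.inet_ntoa(pkt[30:34])
    l4 = 14 + ihl
    sport = dport = None
    if proto in (6, 17) and len(pkt) >= l4 + 4:    # ports only exist for TCP/UDP
        sport, dport = struct.unpack("!HH", pkt[l4:l4 + 4])
    return (src, dst, proto, sport, dport)


def filter_pcap(data, src=None, dst=None, proto=None, sport=None, dport=None):
    """Keep records whose 5-tuple matches every criterion that is not None."""
    wanted = (src, dst, proto, sport, dport)
    kept = []
    for ts, pkt in read_pcap(data):
        tup = five_tuple(pkt)
        if tup is None:
            continue                                   # non-IPv4 frames never match
        if all(w is None or w == t for w, t in zip(wanted, tup)):
            kept.append((ts, pkt))
    return kept


def mine_flow_to_pcap(data, **criteria):
    """Select matching records and return them as a standalone .pcap byte string."""
    return write_pcap(filter_pcap(data, **criteria))


# Constructed sample capture: a few flows around a hypothetical alert.
SAMPLE = write_pcap([
    (1.0, build_ipv4_packet("10.0.0.5", "192.0.2.10", 6, 44321, 443)),
    (1.1, build_ipv4_packet("10.0.0.5", "192.0.2.10", 6, 44321, 443, b"GET")),
    (1.2, build_ipv4_packet("192.0.2.10", "10.0.0.5", 6, 443, 44321)),
    (1.3, build_ipv4_packet("10.0.0.7", "192.0.2.10", 17, 5353, 53)),
    (1.4, build_ipv4_packet("10.0.0.5", "198.51.100.2", 6, 44322, 80)),
])

if __name__ == "__main__":
    out = mine_flow_to_pcap(SAMPLE, src="10.0.0.5", dst="192.0.2.10",
                            proto=6, sport=44321, dport=443)
    print(len(list(read_pcap(out))), "packets selected,", len(out), "bytes")
```

Any criterion left as None is a wildcard, so the same function answers "everything to this server" (dst only) or "all DNS over UDP" (proto and dport only), which is the kind of narrowing an analyst does before handing a slice to Wireshark.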

The NinjaProbe CACE Pilot Network Analysis application provides an additional out-of-the-box solution for data mining. Fully integrated with NinjaProbe, the CACE Pilot Network Analysis server catalogs all stored data, providing metadata summaries to remote NinjaProbe CACE Pilot Network Analysis clients for traffic graphing and reporting. In turn, once particular traffic flows have been isolated, a NinjaProbe CACE Pilot Network Analysis client can request instant .pcap file transfers for immediate Wireshark dissection.