Network-Wide, Packet Search and Data-Mining.
InvestigationManager™ is a powerful, lightweight, virtual-server application that allows rapid search and data-mining on multiple EndaceProbe™ Analytics Platforms simultaneously.
Using InvestigationManager, analysts can conduct searches across groups of EndaceProbes, or even all the EndaceProbes in an EndaceFabric™, simultaneously.
Administrators can define which EndaceProbes in an EndaceFabric are attached to a specific InvestigationManager instance. This allows EndaceProbes to be logically grouped - for instance by team or region - and gives administrators fine-grained control over who has access to what recorded packet data.
See InvestigationManager's Rapid Search in Action
InvestigationManager's rapid search capability leverages the horizontal scalability of the EndaceFabric architecture to enable "needle-in-the-haystack" searches for packets-of-interest across petabytes of distibuted, recorded packet data in seconds. This is a game-changer for analyst productivity.
This short video demonstratea a search for specific packets-of-interest performed across more than a petabyte of recorded Network History distributed across seven, globally-distributed EndaceProbes simultaneously.
InvestigationManager will run in VMWare, KVM environments or in the EndaceProbe's built-in Application Dock™, hosting environment on either an EndaceProbe or on a physical EndaceCMS appliance. On ApplicationDock, one instance of InvestigationManager requires a Single Dock instance.
The system requirements for running an instance of InvestigationManager on VMWare or KVM are:
- 4 x virtual CPU
- 12GB RAM
- 40GB disk for system install
- 1TB or more of disk storage for storing packet archives