InvestigationManager
Network-Wide, Packet Search and Data-Mining.
InvestigationManager™ is a powerful, lightweight, virtual-server application that allows rapid search and data-mining on multiple EndaceProbe™ Analytics Platforms simultaneously.
Using InvestigationManager, analysts can conduct searches across groups of EndaceProbes, or even all the EndaceProbes in an EndaceFabric™, simultaneously.
EndaceVision™ is the browser-based application found in InvestigationManager - and on all EndaceProbes - that lets teams investigate and resolve security threats, and application or network performance issues.
Administrators can define which EndaceProbes in an EndaceFabric are attached to a specific InvestigationManager instance. This allows EndaceProbes to be logically grouped - for instance by team or region - and gives administrators fine-grained control over who has access to what recorded packet data.
See it in Action
In this short demonstration, Endace's VP Product Management, Cary Wright, demonstrates how InvestigationManager delivers lightning-fast, centralized search and data-mining across a network-wide fabric of connected EndaceProbes and petabytes of recorded packet history.
Cary shows how the EndaceFabric architecture can seamlessly scale to accommodate faster link speeds and deeper storage requirements without compromising fast search speeds.
System Requirements
InvestigationManager will run in VMWare, KVM environments or in the EndaceProbe's built-in Application Dock™, hosting environment on either an EndaceProbe or on a physical EndaceCMS appliance. On ApplicationDock, one instance of InvestigationManager requires a Single Dock instance. InvestigationManager can also be deployed in Azure or AWS.
The system requirements for running an instance of InvestigationManager on VMWare or KVM are:
- 4 x virtual CPU
- 12GB RAM
- 40GB disk for system install
- 1TB or more of disk storage for storing packet archives