Network-Wide Packet Search and Data-Mining

InvestigationManager for Network-Wide Packet Search and Data-Mining from Full Packet Capture Data

InvestigationManager™ is a powerful, lightweight, virtual-server application that allows rapid search and data-mining on multiple EndaceProbe™ Analytics Platforms simultaneously.

Using InvestigationManager, analysts can conduct searches across groups of EndaceProbes, or even all the EndaceProbes in an EndaceFabric™, simultaneously.

EndaceVision is the browser-based application found in InvestigationManager - and on all EndaceProbes - that lets teams investigate and resolve security threats, and application or network performance issues.

Administrators can define which EndaceProbes in an EndaceFabric are attached to a specific InvestigationManager instance. This allows EndaceProbes to be logically grouped - for instance by team or region - and gives administrators fine-grained control over who has access to what recorded packet data.

See it in Action

In this short demonstration, Endace's VP Product Management, Cary Wright, explains how InvestigationManager delivers lightning-fast, centralized search and data-mining across a network-wide fabric of connected EndaceProbes and petabytes of recorded packet history.

Cary shows how the EndaceFabric architecture can seamlessly scale to accommodate faster link speeds and deeper storage requirements without compromising fast search speeds.

System Requirements

InvestigationManager runs in VMware or KVM environments, or in the built-in Application Dock™ hosting environment on either an EndaceProbe or a physical EndaceCMS appliance. On Application Dock, one instance of InvestigationManager requires a single Dock instance.

The system requirements for running an instance of InvestigationManager on VMware or KVM are:

  • 4 x virtual CPU
  • 12GB RAM
  • 40GB disk for system install
  • 1TB or more of disk storage for storing packet archives