Enabling Analytics Tools with Network History
Two main technologies allow third-party applications to be integrated easily with the Network History that EndaceProbe™ Analytics Platforms collect: Application Dock™ and the EndaceFabric's REST API.
These two technologies allow customers to streamline investigation workflows and deploy virtualized analytics applications across the network inexpensively and quickly, delivering both significant cost savings and agility.
Endace REST API
The REST API enables highly integrated workflows. For example, an alert on a security partner's dashboard can take the analyst directly to a filtered view of the Network History relating to the alert. The filtered view shows only the few relevant packets needed, out of potentially billions of packets stored by EndaceFabric™.
Quickly uncovering the needle in the haystack allows analysts to understand and respond to issues quickly and conclusively, delivering a massive boost to productivity.
Endace Application Dock
Application Dock provides a powerful open hosting platform for deploying virtualized security or performance analysis tools on EndaceProbe™ hardware.
Customers can take advantage of the open Endace platform to host third-party analytics tools anywhere they have an EndaceProbe deployed on their network - without the need to deploy additional hardware.
Accelerating Issue Investigation and Response
Investigating security threats and network or application performance issues can be extremely time-consuming and is often inconclusive. The EndaceProbe and EndaceFabric provide a powerful API that makes it easy for SecOps, NetOps, DevOps or operations teams to connect their monitoring and analytics tools to Network History.
Pivot-to-Packets™ provides the ability to search for and retrieve relevant packets and download them in a packet trace file by specifying search parameters such as date and time, source and destination host addresses and ports.
Pivot-to-Vision™ allows analysts to jump directly from an alert to a pre-filtered view of related traffic in EndaceVision. They can zoom out to look at precursor or post-event traffic, or switch to EndacePackets™, the built-in Wireshark-like decode tool, to examine the packets without needing to download a packet trace file.