Enabling Analytics Tools with Network History
Two main technologies allow third-party applications to be integrated easily with the Network History that EndaceProbe™ Analytics Platforms collect: Application Dock™ and the EndaceFabric's REST API.
These two technologies allow customers to streamline investigation workflows, and deploy virtualized analytics applications across the network inexpensively and quickly - delivering both significant cost savings and agility.
Endace REST API
The REST API enables highly integrated workflows. For example, an alert on a security partner's dashboard can take the analyst directly to a filtered view of the Network History relating to the alert. The filtered view shows just the few relevant packets needed out of potentially billions of packets stored by EndaceFabric™.
Quickly uncovering the needle in the haystack allows analysts to understand and respond to issues quickly and conclusively, delivering a massive boost to productivity.
Endace Application Dock
Application Dock provides a powerful open hosting platform for deploying virtualized security or performance analysis tools on EndaceProbe™ hardware.
Customers can take advantage of the open Endace platform to host third-party analytics tools anywhere they have an EndaceProbe deployed on their network - without the need to deploy additional hardware.
Accelerating Issue Investigation and Response
Investigating security threats and network or application performance issues can be extremely time-consuming, and often inconclusive. The EndaceProbe and EndaceFabric provide a powerful API that makes it easy for SecOps, NetOps, DevOps or operations teams to connect their monitoring and analytics tools to Network History.
Pivot-to-Packets™ provides the ability to search for and retrieve relevant packets and download them in a packet trace file by specifying search parameters such as date and time, source and destination host addresses and ports.
Pivot-to-Vision™ allows analysts to jump directly from an alert to a pre-filtered view of related traffic in EndaceVision. They can zoom out to look at precursor or post-event traffic or switch to Wireshark to examine the packets without needing to download a packet trace file.