Integrating Packet Capture with SIM/SIEM Tools

Security Information Management (SIM) or Security Information and Event Management (SIEM) tools can be an extremely useful way to manage the plethora of alerts that security teams face.

The purpose of SIM/SIEM tools is to collect and collate events and alerts from a range of sources, including log files, authentication records and the alerts generated by security monitoring tools. This gives security analysts a more holistic view of activity, and saves them time in collating information relevant to an event.

However, the information that SIEM tools collect is often circumstantial rather than definitive. Once an event is identified as warranting further investigation, analysts must still reconstruct the event to understand exactly what happened, and what the impact of that event is.

Recording a packet-level history of network activity - often referred to as full packet capture or continuous packet capture - provides definitive evidence of what has taken place on the network.

Integrating Network History into SIM/SIEM tools allows security analysts to pivot directly from an alert in their SIEM to the detailed packet-level forensic data relating to that event to reconstruct exactly what took place. This dramatically accelerates incident investigation and allows SecOps teams to be more productive and confident in responding to threats.
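What the pivot described above looks like in code, as an added illustration that is not Endace's own code and does not use the EndaceProbe API: a SIEM alert (a constructed JSON record; the field names are assumptions) is turned into a time window plus flow tuple and an equivalent BPF expression, that query is run against a constructed in-memory stand-in for a packet store, and the matching packets in both directions are summarised so the analyst sees what the alert alone cannot show, such as how many bytes actually left the host.

```python
import json
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Packet:
    """One entry from a packet-store index (constructed stand-in)."""
    ts: datetime
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    length: int


def _t(hhmmss: str) -> datetime:
    # All sample times fall on one constructed day, in UTC.
    return datetime.fromisoformat(f"2024-05-01T{hhmmss}+00:00")


# Constructed sample data: a tiny in-memory packet store.
PACKET_STORE = [
    Packet(_t("11:59:00"), "10.0.0.5", 51234, "203.0.113.7", 443, "tcp", 60),
    Packet(_t("11:59:50"), "10.0.0.5", 51234, "203.0.113.7", 443, "tcp", 74),
    Packet(_t("11:59:50"), "203.0.113.7", 443, "10.0.0.5", 51234, "tcp", 74),
    Packet(_t("12:00:10"), "10.0.0.5", 40000, "192.0.2.9", 53, "udp", 80),
    Packet(_t("12:00:10"), "10.0.0.5", 51234, "203.0.113.7", 443, "tcp", 1500),
    Packet(_t("12:00:11"), "10.0.0.5", 51234, "203.0.113.7", 443, "tcp", 1500),
    Packet(_t("12:00:12"), "203.0.113.7", 443, "10.0.0.5", 51234, "tcp", 66),
    Packet(_t("12:02:00"), "10.0.0.5", 51234, "203.0.113.7", 443, "tcp", 60),
]

# Constructed sample alert in a generic JSON shape; the field names are assumptions.
SAMPLE_ALERT = json.dumps({
    "@timestamp": "2024-05-01T12:00:10Z",
    "rule": "Suspicious outbound TLS to rare destination",
    "src_ip": "10.0.0.5", "src_port": 51234,
    "dst_ip": "203.0.113.7", "dst_port": 443,
    "proto": "TCP",
})


def alert_to_query(alert_json: str, padding_s: int = 30) -> dict:
    """Derive a packet-store query from a SIEM alert.

    The window is the alert time plus/minus the padding, so the start of the
    session (which usually precedes the alert) is included. The BPF string is
    the same flow expressed the way a capture tool would filter it.
    """
    a = json.loads(alert_json)
    ts = datetime.fromisoformat(a["@timestamp"].replace("Z", "+00:00"))
    pad = timedelta(seconds=padding_s)
    proto = a["proto"].lower()
    return {
        "start": ts - pad,
        "end": ts + pad,
        "src": a["src_ip"], "dst": a["dst_ip"],
        "dport": a["dst_port"], "proto": proto,
        "bpf": f"host {a['src_ip']} and host {a['dst_ip']} and {proto} port {a['dst_port']}",
    }


def select_packets(store, q) -> list:
    """Packets inside the window that belong to the alert's flow, in either direction."""
    def in_flow(p):
        fwd = (p.src, p.dst, p.dport) == (q["src"], q["dst"], q["dport"])
        rev = (p.dst, p.src, p.sport) == (q["src"], q["dst"], q["dport"])
        return p.proto == q["proto"] and (fwd or rev)
    return [p for p in store if q["start"] <= p.ts <= q["end"] and in_flow(p)]


def summarize(packets, q) -> dict:
    """Per-direction volume and session start: evidence the alert itself lacks."""
    out = sum(p.length for p in packets if p.src == q["src"])
    back = sum(p.length for p in packets if p.dst == q["src"])
    first = min(p.ts for p in packets).isoformat() if packets else None
    return {"packets": len(packets), "bytes_out": out, "bytes_in": back, "first": first}


def pivot(alert_json: str, store=PACKET_STORE) -> dict:
    """Alert in, packet-level summary out: the SIEM-to-capture pivot in one call."""
    q = alert_to_query(alert_json)
    return {"bpf": q["bpf"], **summarize(select_packets(store, q), q)}


if __name__ == "__main__":
    print(json.dumps(pivot(SAMPLE_ALERT), indent=2))
```

The padding is the point most worth getting right in a real integration: an alert fires on one packet or event, but the evidence the analyst needs (handshake, first request, any earlier beaconing) sits before it, so the lookup window must extend backwards as well as forwards, and the selection must match both directions of the flow.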

Evidence Integrated Into Your Tools

Endace's Fusion Partner Program brings together solutions from leading security and performance analytics vendors which leverage the EndaceProbe's Application Dock hosting, and workflow APIs, to integrate Network History into their applications.

With accurate Network History integrated into their security monitoring tools, SecOps teams have concrete evidence at their fingertips. This accelerates the investigation and resolution of security threats and allows teams to proactively hunt for threats.

Want to know more?

Integrating always-on packet capture into your security and performance monitoring tools gives you definitive evidence at your fingertips.

Find out just how fast and accurate your investigations can be.