Today's threat landscape demands that you have every available tool in your arsenal. Whether you use commercial, custom or open source tools, SentryWire is your platform. Through its Application Node, SentryWire integrates with many of the leading commercial, open source and custom visualization and analytical solutions.



Visualization

With SentryWire's Application Node and our RESTful API you can integrate with the world's leading commercial, open source and custom visualization platforms, including 3D interfaces that let security engineers isolate anomalous activity. SentryWire's integration with existing tools provides log correlation and aggregation visualization with fast and seamless access to metadata logs.

Analytics

Pre-analytics and real-time filtering, with a RESTful API that allows integration with existing analytic tools and platforms. We've learned that with big data you can't just point analytic tools at large data sets and expect deep insights to spring out. SentryWire uses BPF syntax and Suricata to filter large amounts of data down to a very manageable size, so that customers can run additional tools such as ELSA, Splunk or ArcSight to uncover deeper insights into potential threats.


SentryWire Investigator

The new SentryWire Investigator gives analysts the flexible, Elastic-based visual display capabilities they have been asking for. With SentryWire Investigator, analysts can use out-of-the-box displays to identify and investigate events of interest by drilling down into SentryWire data. Displays include metrics such as:

  • Top 5 Source IPs (with ports)

  • Top 5 Destination IPs (with ports)

  • Top Ten Data Flows

  • Top Ten Outbound Connections

  • Top Ten Data Flows (Client and Server)

Using the Elastic and Kibana engines, analysts can not only identify events but also filter on them and add views to a panel or dashboard for rapid, ongoing review.

In release 408.13 our primary feature enhancement is SentryWire Investigator, delivered through the SentryWire Federation Manager UI. It provides a browser-based (UI) search, investigation and analysis workflow built on Elasticsearch, and it is additive to SentryWire's REST API interface.

SentryWire Investigator integrates with the SentryWire Federation Manager so that search investigations can be reviewed and analyzed across a Federation or Federation groups. It is served in a single UI that includes a console for search investigations, presentation of search data, and layering of the data sets associated with the search results.
 
With SentryWire Investigator, you get:

  • A single consolidated search UI bar for every supported type of search filtering (BPF and text string)

  • Our standard packet capture and enriched metadata results from a search, as we produce them today. Results are cross-correlated per search within an Elasticsearch database for full-feature analysis, and the UI displays and sorts that data using a Kibana framework, enabling additional intelligent analysis and investigation of the search results at scale within our Federation Manager

  • SentryWire Investigator UI console views, including the ability to step through the search results, where correlated data is stacked (grouped) to reduce analyst workload and improve workflow.

  • Traffic headers extracted from full content data: these make it easy to identify the purpose of a conversation and determine whether it is benign, suspicious or malicious. The traffic headers form a transcript of the session content, showing exactly what the source sent and how the destination replied, so the analyst can understand what happened.

  • Stacking (grouping) of similar records into viewable returned search objects, as follows:

  • Full content data (stream): segments within a stream are identified so the system can reassemble the segments of specific streams and present the result as human-readable text.

  • When the correlated data from a search includes a file, the file is reconstructed in its original MIME type (or marked as unknown MIME type) and also converted to a PDF for viewing within the UI.

  • The ability to review correlating data such as alert data (Suricata events) and enriched metadata.

  • Relevant descriptive statistics (number of sessions, protocol types, number of IP endpoints, number of files, etc.), followed by top talkers and data sizes.

 

SentryWire Investigator is hosted as a VM or on a small dedicated 1U or 2U application server, and offers all the benefits of Elasticsearch integrated with SentryWire. It provides standard and custom investigation and reporting capabilities that leverage the metadata created by SentryWire in addition to the collected PCAP data. SentryWire Investigator is highly customizable, allowing SentryWire to focus on your specific requirements and use cases while also providing robust reporting for analysts and management. It was developed from explicit customer feedback, which guided every decision throughout the development cycle. Our initial customer focus groups love the update, and you will too!


SentryWire Search Manager

We have also developed our new SentryWire Search Manager (SSM), with Elasticsearch integrated into the SentryWire GUI (408.13). This new capability greatly enhances a security analyst's ability to dig deep into the metadata and artifacts associated with a security or network operations investigation.


Pick your SentryWire System!

Browse the different SentryWire Solutions to find the one that is perfect for your organization.
