SentryWire Centralized Federation Manager

SentryWire’s Centralized Federation Manager is a Single Pane of Glass management console that monitors and initiates searches across the entire infrastructure. View fully sessionized packets of interest along with any corresponding logs via the browser-based UI or Wireshark with a simple click. SentryWire Federation Manager reduces the complexity for SOC teams conducting investigations across multiple geographically disparate sites with centralized or distributed SOC and NOC operations. Quickly and reliably perform searches for investigations across the entire network.

SentryWire’s Federation Manager allows customers to federate and manage thousands of systems to provide a hierarchical Full Packet Capture (FPC) architecture. A federated system approach maintains a queryable repository of all captured packets across all SentryWire systems. The Open Platform Architecture approach ensures that custom reports are easy to create using exported data from SentryWire; all exported data is in a non-proprietary format. SentryWire’s Federation Manager reduces management overhead by allowing you to take action on a single Node or any federated SentryWire system for user management, policy changes, system status, health monitoring, or to perform any action you would on a single SentryWire system. Federation Manager allows for easy grouping of appliances to apply configuration changes or updates to system and user profiles, either manually or through scripted API calls. Federation Manager operates on a 1U appliance, on any SentryWire Capture Node, or on a virtual machine, either VMware or KVM. Share searches, queries, signatures or tailored IoC elements across the entire enterprise.

SentryWire’s Dynamic Node Management provides the ability to add Nodes to support both vertical and horizontal scaling. Dynamic Node Management offers a “hot-swappable” architecture that increases system redundancy, a natural complement for SentryWire’s federated architecture. SentryWire’s Search Engine is exceptionally efficient. Federation Manager offloads much of the search overhead to the processing power of the target units selected for the search, resulting in the fastest search capability in the industry. Flexible search queries allow users to perform searches simultaneously across all SentryWire Nodes in an environment or select a single Node to search against. Search results return fully sessionized PCAP data and corresponding logs, and are immediately available to view in the browser-based UI. SentryWire provides Role-based Security Access using SSO, RADIUS, and LDAP pass-through authentication security for Federated SentryWire Clusters and Stand-Alone Systems. SOC team members can run searches in support of investigations at the same time, and can quickly and reliably perform searches across the entire network, by geography, function, or team roles. SentryWire includes Role Based Access Controls (RBAC), allowing analysts to view each other’s investigations or restrict access. SentryWire Federation Manager reduces the complexity for SOC teams conducting investigations across multiple geographically disparate sites with centralized or distributed SOC operations.