Incident Response Tool - SentryWire Packet Capture Tool


Incident Response

 

Mouse Click Icon Red Lines Black 1 100 100 1.png

Unlogged Activity Detection

In conjunction with enterprise log correlation tools (Splunk, ELSA, LogRhythm, etc.), quickly detect and sessionize network activity that may have been removed from log buffers prior to being written to disk.

 
Upload Box 1 100 100 1 Red & Black.png

Data Exfiltration Detection

Log exfiltrated files with 5-Tuple indexing and hash details for comparing data, taking actions and retrieving sessionized PCAPs for forensics.


3 People Line Icon 1 100 100 2.png

Phishing Preparation Detection

Detect and log all URLs traversing the network, from targeted phishing emails to web traffic, and alert when internal traffic accesses those URLs, automatically sessionizing the corresponding traffic for human validation and remediation.

 
Network Behavior Icon Black & Red 1 100 100 1.png

Malware Infiltration Detection

Detect, Classify and Extract objects (files, URLs, IP Addresses, etc.) in real-time to inspect and take appropriate actions to enrich cyber investigations and generate alerts.


 
Alert Icon 1 100 100 1 red & Black.png

Indicators & Signatures Alerting

Multi-level signature and behavior event session search and logging, with visualization through DPI visualizer. Configure groupings of signature and unusual behavior alerts dynamically while in the fight, while real-time IDS alerting generates event logs for HTTP, Files, DNS, email, user agents, TLS/SSL, VoIP – all automatically correlated with PCAP and IPFIX flow records.

 

Pick your SentryWire System!

Browse the different SentryWire Solutions to find the one that is perfect for your organization.

SentryWire Packet Capture Tool System