RSA NetWitness Investigator
Freeform analytics for investigations and real-time answers

Data Sheet

Key Benefits
–– Dive deeply into the context and content of network sessions in real-time–making threat analysis that once took days, take only minutes.
–– View your network traffic with better clarity and understanding with Investigator’s lexicon of nouns, verbs and adjectives
–– Perform unprecedented free-form contextual analysis of your raw network data for complete situational awareness.

RSA® NetWitness® Investigator is based upon more than 10 years of development and deployment experience in some of the most demanding and complex customer environments. Investigator is the primary interactive analysis application of the NetWitness AppSuite. It provides unprecedented free-form contextual analysis on massive volumes of information exposed by the NetWitness NextGen infrastructure. Over 50,000 security professionals in 5,000 organizations across 179 countries rely upon NetWitness Investigator for answers.

When you need clarity and definitive answers to the most challenging questions, you need a level of fine-grained detail and the agility to quickly and efficiently examine application layer sessions in a way that is easy to comprehend. Unlike other products that display network traffic in the context of confusing network vework. The framework is a lexicon of nouns, verbs and adjectives—characteristics of the actual application layer content and context parsed by NextGen during session reconstruction at the time of capture. With its customizable user interface and unprecedented analytics, Investigator lets users analyze their network traffic in unlimited dimensions for complete situational awareness.
Analysis that previously took days, now only takes minutes to perform. Users of Investigator can easily perform automated and interactive analyses of complex security problems. In addition, Investigator can be launched with one-click to provide forensic confirmation or refute any event triggered in an existing IDS or SIEM console by using NetWitness SIEMLink, a utility application that transparently provides direct access to NetWitness analytics. With the fusion of NetWitness Live, the extent and magnitude of a situation can be further illuminated to achieve the definitive accuracy required in today’s business environment.

Deployment

NetWitness Investigator has the flexibility to locally capture live traffic and process packet files from virtually any existing network collection device for quick and easy analysis. Investigator is fully integrated with all NetWitness NextGen products and is licensed on a per computer host basis. In addition, Investigator can be used to locally process packet files and record in real-time from a network tap or span port with immediate insight into network traffic.

Features
–– Real-time, patented OSI Layer 2–7 analytics
–– Effectively analyze data starting from application layer entities like users, email, address, files, and actions
–– Unlimited, free-form analysis dimensions
–– Content starting points
–– Captures in real-time from any wired or wireless interface
–– Patented method for decapsulating protocols and applications
–– Interactive time charts and summary view
–– Interactive packet view and decode
–– Enhanced content views
–– Patented port agnostic service identification
–– Extensive network and application layer filtering (e.g., MAC, IP, User, Keywords)
–– IPv6 support
–– Full content search, with Regex support
–– Exports data in .pcap format for malware analysis and content inspection
–– Hash pcap on export
–– Imports packets from any packet capture system (e.g., open-source, custom built and commercial) in .pcap file format
–– Bookmarking & history tracking
–– Traffic visualized geographically via Google Earth supports SNORT rules identification of encrypted traffic
–– SSL decryption (with server certificate)

System Requirements
–– Windows® XP, 2003 Server, Vista, Windows 7
–– Internet Explorer 6+ or Firefox
–– 1 Ethernet Port
–– NetWitness Investigator & capture infrastructure

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world’s leading organizations solve their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention, Continuous Network Monitoring, and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

EMC2, EMC, RSA, the RSA logo, RSA NetWitness are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners. © Copyright 2012 EMC Corporation. All rights reserved. Published in the USA. h9021-nwinv-ds-0112