Skip to main content

Endace

Download With Dependencies

This integration uses Endace APIs to search, archive and download PCAP file from either a single EndaceProbe or many via the InvestigationManager and enables integration of full historical packet capture into security automation workflows

The EndaceProbe Analytics Platform provides 100% accurate, continuous packet capture on network links up to 100Gbps, with unparalleled depth of storage and retrieval performance.
EndaceProbes enables analysts to find and solve challenging security threats like lateral movement, spoofed DNS, Command and Control (C2), and data exfiltration.
Combining Endace’s InvestigationManager (which provides central search and data-mining across a fabric of EndaceProbes) and workflow integrations with Palo Alto Networks Panorama and Cortex XSOAR enables fast, in-context drilldown to relevant packet data for fast, accurate, enterprise-wide threat investigations.
This Endace Content Pack and Playbook leverages EndaceProbe APIs to search for, archive and download PCAP files from individual or multiple EndaceProbes to automatically import and preserve critical packet evidence for your security automation workflows.

What does this pack do?

The Playbook included in this pack helps you save time, preserve evidence and leverage unalterable network packet data in your XSOAR workflows and evidence boards. It automates the search and storage of critical packet data for security incident response.
Key functions this playbook provides include:

  • Search EndaceProbe Fabric for any traffic related to a specific security event or alert
  • Automated archiving of relevant network PCAPs for compliance or incident response
  • Links your evidence boards and war room to a one-click drill-down to packet data in EndaceVision for detailed forensic investigations

For a short video demo showing this Playbook in action visit the Endace Youtube Channel or Endace PaloAlto integration.

The EndaceProbe Analytics Platform provides 100% accurate, continuous packet capture on network links up to 100Gbps, with unparalleled depth of storage and retrieval performance.
EndaceProbes enables analysts to find and solve challenging security threats like lateral movement, spoofed DNS, Command and Control (C2), and data exfiltration.
Combining Endace’s InvestigationManager (which provides central search and data-mining across a fabric of EndaceProbes) and workflow integrations with Palo Alto Networks Panorama and Cortex XSIAM enables fast, in-context drilldown to relevant packet data for fast, accurate, enterprise-wide threat investigations.
This Endace Content Pack and Playbook leverages EndaceProbe APIs to search for, archive and download PCAP files from individual or multiple EndaceProbes to automatically import and preserve critical packet evidence for your security automation workflows.

What does this pack do?

The Playbook included in this pack helps you save time, preserve evidence and leverage unalterable network packet data in your XSOAR workflows and evidence boards. It automates the search and storage of critical packet data for security incident response.
Key functions this playbook provides include:

  • Search EndaceProbe Fabric for any traffic related to a specific security event or alert
  • Automated archiving of relevant network PCAPs for compliance or incident response
  • Links your evidence boards and war room to a one-click drill-down to packet data in EndaceVision for detailed forensic investigations

For a short video demo showing this Playbook in action visit the Endace Youtube Channel or Endace PaloAlto integration.

PUBLISHER

Endace

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByPartner
CreatedJuly 22, 2020
Last ReleaseSeptember 12, 2023
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.