The EndaceProbe Analytics Platform provides 100% accurate, continuous packet capture on network links up to 100Gbps, with unparalleled depth of storage and retrieval performance.
EndaceProbes enable analysts to find and resolve challenging security threats such as lateral movement, spoofed DNS, Command and Control (C2), and data exfiltration.
Combining Endace’s InvestigationManager (which provides central search and data-mining across a fabric of EndaceProbes) with workflow integrations for Palo Alto Networks Panorama and Cortex XSOAR enables fast, in-context drill-down to the relevant packet data for accurate, enterprise-wide threat investigations.
This Endace Content Pack and Playbook uses the EndaceProbe APIs to search for, archive and download PCAP files from one or more EndaceProbes, automatically importing and preserving critical packet evidence for your security automation workflows.
What does this pack do?
The Playbook included in this pack helps you save time, preserve evidence and use unalterable network packet data in your XSOAR workflows and evidence boards. It automates the search for, and storage of, critical packet data during security incident response.
Key functions this playbook provides include:
- Searching the EndaceProbe fabric for any traffic related to a specific security event or alert
- Automatically archiving the relevant network PCAPs for compliance or incident response
- Linking your evidence boards and war room to a one-click drill-down to the packet data in EndaceVision for detailed forensic investigations