mo_patel
asked on
Network Traffic Monitoring/forensics
Hi All,
Wondering what other people use for network traffic monitoring / forensics and their recommendations. Below are some of my requirements:
• Full visibility of the traffic flow incoming/outgoing
• Be scalable so if we wanted to have a remote sensor in a different location we wouldn’t have 2 systems, instead have all info from remote location displayed on main GUI
• It does deep packet inspection/Intrusion detection – which is automatically updated with new signatures
• Has a DB backend which is used to store the data/ does auto archiving/ able to import archives back in if required for historical investigations
• Integrated with AD so it can show usernames
• Create scheduled reports
• Create custom reports
• Able to monitor SQL DB – Data Modification/ Schema/ statements
• See all MS file share traffic i.e. Create/Rename/Delete etc. by IP and Username by file name, and also be able to search by filename to investigate last accessed/missing files
• Set up alerts if something happens i.e. a folder deleted/copied
• Email Header recording so we can see email subjects/ if we can see content even better
• Internet Traffic recording
• Bit-Torrent recording
• Enables us to create trend graphs so we can see spikes in traffic