Investigator
How do you resolve alerts from your IDS or SIM that you do not understand?
Can you quickly understand the scope and impact of malicious activity on your network?
How can you investigate who is leaking information to your competitors or the press?

Download NetWitness Investigator Free!
(Now includes NetWitness Live)
Read more about the freeware version.

NetWitness® Investigator is the award-winning interactive threat analysis application of the NetWitness NextGen product suite. Investigator provides security operations staff, auditors, and fraud and forensics investigators the power to perform unprecedented free-form contextual analysis of raw network data captured and reconstructed by the NetWitness NextGen infrastructure. Developed originally for the U.S. Intelligence Community, and now used extensively by Law Enforcement, Defense, and other public and private organizations, Investigator is based upon 10 years of development and deployment in some of the most demanding and complex threat environments.

With its groundbreaking user interface and unprecedented analytics, Investigator lets you see your network traffic in a new way. Unlike packet analysis products, which display network traffic in the context of confusing network nomenclature, Investigator uses a lexicon of nouns, verbs and adjectives: characteristics of the actual application and logic layer protocols parsed by NextGen during session reconstruction.

Both novice and expert users can use Investigator to pivot easily through terabytes of network traffic and dive deeply into the context and content of network sessions in real time, turning threat analysis that once took days into a matter of minutes. It is this intersection of network metrics, rich application flow, and content information that differentiates NetWitness® products from any other capability on the market today.

In addition to the rich data Investigator receives from the NextGen infrastructure of NetWitness Decoders and Concentrators, Investigator Enterprise can locally capture live traffic and process packet files from virtually any existing network collection device for quick and easy analysis. And by integrating NetWitness Investigator Enterprise with NetWitness® Live, you also have access to multi-source threat intelligence.

Product Features:

  • Supports NetWitness® Live
  • SSL Decryption (with server certificate)
  • Interactive time charts, and summary view
  • Interactive packet view and decode
  • Hash Pcap on Export
  • Enhanced content views
  • Real-time, Patented Layer 7 Analytics
         – Effectively analyze data starting from application layer entities like users, email addresses, files, and actions.
         – Infinite, free-form analysis paths
         – Content starting points
         – Patented port agnostic service identification
  • Extensive network and application layer filtering (e.g. MAC, IP, user, keywords, etc.)
  • IPv6 support
  • Captures live from any wired or wireless interface
  • Full content search, with Regex support
  • Exports data in .pcap format
  • Imports packets from any open-source, home-grown or commercial packet capture system (e.g. .pcap file import)
  • Bookmarking & History Tracking
  • Integrated GeoIP for resolving IP addresses to city/country, supporting Google Earth visualization
  • Customizable right-click functionality
  • Supports WLAN 802.11 Microsoft, Linux and Mac OS radio devices as well as various header formats, including CACE’s per-packet information
  • Supports RSA SecurID and LDAP authentication

Choose your Edition:
No matter what your IT problem, existing infrastructure, or technology preference, there's an edition of NetWitness® Investigator that's right for you. Use the descriptions below to help you choose your edition.

  • Investigator
    With Investigator you are provided with a full-featured, stand-alone product capable of local live capture and local packet file importing. It is ideal for tactical and point analysis of network traffic, and supports 25 simultaneous 1 GB captures, far exceeding the data manipulation capabilities of packet tools like Wireshark.

  • Investigator Enterprise
    Licensed to customers with a NetWitness NextGen™ infrastructure, Investigator Enterprise is ideal for enterprise users that require remote analytical access to NetWitness NextGen™ Linux-based appliances.

Deployment:
NetWitness Investigator is licensed per computer host and can be used to process packet files locally or to collect live traffic from a network tap or SPAN port, giving insight into whatever network traffic you choose. In addition, Investigator is fully integrated with all NetWitness NextGen™ products.

Screenshots:
NetWitness Investigator’s industry-leading interactive user interface gives the threat analyst the ability to drill into multiple dimensions of terabytes of captured traffic across all network layers. View complete information about any network session by drilling into fully reconstructed content, and visualize your network traffic geographically via Google Earth.

Minimum system requirements:
NetWitness recommends the following minimum hardware requirements for NetWitness Investigator:

  • Windows® 2003 Server or Vista 32-bit
  • Single 2 GHz Intel-based processor (dual-core recommended)
  • 1 GB RAM (2 GB recommended)
  • 1 Ethernet Port
  • Internet Explorer v7+ (IE v6 may limit some functionality)
  • Ample data storage to process and collect

Call 703-889-8950 or contact sales@netwitness.com for more information about NetWitness® Investigator and other NetWitness NextGen™ products.