Sniffa Network Security Solutions

Knowledge Base

Intrusion Detection Systems and Clear Network Evidence for the Ultimate in Threat Visibility

THE SENSOR MANAGER APPLICATION


The Sensor Manager Application installs on any currently supported Microsoft Windows operating system and is used to centrally manage multiple open-source Zeek, Snort, Suricata and Wireshark sensors deployed on your network. The Application is used for configuring the security policies to be applied to remote sensors, for receiving logs and alerts from remote sensors, and for examining network traffic.

Once you have deployed your sensors and are sending logs and alerts to a central Sensor Manager Application, you can start to filter, search, correlate and run threat hunts across the hundreds and thousands of network meta-data fields that have been generated by your sensors. Threat hunting is a great way to spot malware that is operational on your networks but has not yet been detected by other security tools, such as firewalls, proxies, anti-virus or endpoint detection technology. The Sensor Manager Application can help you identify protocol misuse, scanning, brute force, HTTP, HTTPS and DNS tunnelling, beaconing to/from command-and-control (C2) servers, the early stages of ransomware and signs of data exfiltration, to name but a few.


With a right-click of the mouse, any network event displayed in the Sensor Manager Application can be correlated with the exact packet capture that was recorded at the time the event was created and transferred from the sensor to the PC for analysis. Complex Wireshark filters can be generated on the fly to enable quick searches across all captured streams and pinpoint the specific packets relating to a suspected attack.


At any point in time, you can create and download informative snapshot reports (xls, pdf & doc) showing the network connections, protocols and anomalies discovered by the Sensor Manager Application and share them across your security operations teams.


The network meta-data that is collected is stored in a Microsoft SQL Database, which can be administered in-house and easily integrated with other software running concurrently with the Sensor Manager Application, enabling an enhanced and more collaborative threat detection capability. Having your data stored in Microsoft SQL Databases makes the task of backing up and restoring your data simpler for your colleagues, and your databases can easily be shared across several Sensor Manager Applications for offline investigations by your security operations teams.

VIDEOS

GETTING STARTED

Sniffa NDR Applications Overview

Pivoting to Packet Captures from Sniffa Applications

Getting Started in 10 Simple Steps

Sniffa S2 Open-Sensor

Boxed and Delivered

Threat Hunting with Sniffa

