Sniffa Network Security Solutions

Products

Intrusion Detection Systems and Clear Network Evidence for the Ultimate in Threat Visibility

THE SENSOR MANAGER APPLICATION


The Sensor Manager Application will install onto any currently supported Microsoft Windows Operating System and is used to centrally manage multiple open-source Zeek, Snort, Suricata and Wireshark sensors deployed on your network. The Application is used for configuring security policies that need to be applied to remote sensors, for receiving logs and alerts from remote sensors and for examining the network traffic.

Once you have deployed your sensors and are sending logs and alerts to a central Sensor Manager Application, you can start to filter, search, correlate and run threat hunts across the hundreds and thousands of network meta-data fields that have been generated by your sensors. Threat hunting is a great way to spot malware that is operational on your networks but has not yet been detected by other security tools, such as firewalls, proxies, anti-virus or endpoint detection technology. The Sensor Manager Application can help you identify protocol misuse, scanning, brute force, HTTP, HTTPS and DNS tunnelling, beaconing to/from command-and-control (C2) servers, the early stages of ransomware and signs of data exfiltration, to name but a few.


With the right-click of a mouse, any network event displayed in the Sensor Manager Application can be correlated with the exact packet capture that was recorded at the time the event was created and transferred from the sensor to the PC for analysis. Complex Wireshark filters can be generated on the fly to enable quick searches across all captured streams and pinpoint the specific packets relating to a suspected attack.


At any point in time, you can create and download informative snapshot reports (xls, pdf & doc) showing the network connections, protocols and anomalies discovered by the Sensor Manager Application and share them across your security operations teams.


The network meta-data that is collected will be stored in a Microsoft SQL Database which can be administered in-house and easily integrated with other software running concurrently with the Sensor Manager Application, enabling a more enhanced and collaborative threat detection capability. Having your data stored in Microsoft SQL Databases makes the task of backing up and restoring your data simpler for your colleagues, and your databases can easily be shared across several Sensor Manager Applications for offline investigations by your security operations teams.

INCLUDED IN A SUBSCRIPTION PURCHASE


  • Sensor Manager Application Installer Package for Microsoft Windows.
  • Microsoft SQL Express LocalDB Database (included in the installer package).
  • Database Build Script for installing the Sniffa Database on a remote Microsoft SQL Server (if required).
  • Licence Activation Key to unlock the software for the duration of your subscription period and restricted to the purchasing options chosen.
  • Build Script and/or ISO Image for Sniffa Sensors (compatible with certain versions of Ubuntu). Provided with your Activation Key.
  • Sensor Manager Application Upgrades if they are released during your subscription period.
  • ASP.NET Web User Portal Application Files compatible with Microsoft IIS Server.
  • Splunk Application Pack for Threat Hunting Sniffa, Snort, Suricata and Zeek Metadata logs in Splunk Enterprise or Cloud.
  • Email support for the duration of your subscription period.

SUBSCRIPTION OPTIONS


We provide an .iso image for you to build your Sniffa Sensors on your own hardware or virtual appliance environments. However, if you just want to get started without the hassle, you should purchase a Sniffa S2 Open-Sensor and Sensor Manager Subscription together.


The Sniffa S2 Open-Sensor appliances are built with an unmodified version of the Ubuntu Server Operating System (latest 22.04 LTS) and include the best-of-breed open-source threat detection software pre-installed and ready to go. They are expertly pre-configured and designed to operate with our Sniffa Sensor Management Applications out of the box.


The term 'Open-Sensor' means exactly what it says on the tin: it is 'open'. That means you are able to install supplementary software that you consider appropriate for your environments alongside the pre-installed Threat Detection software. As well as reducing your overall operating expenditure (OPEX), an Open-Sensor approach means our sensors will easily fit into any software upgrade or vulnerability patching lifecycles you already run within your network environments. What's more, you own the tin, so Open-Sensors can be re-formatted after your subscription expires and you can re-deploy them to other projects as you require.


Sensor Manager Subscriptions will be locked to a single server or PC seat using a subscription licence key, so running multiple management server seats will require multiple licence keys to operate. Contact us to discuss the best options for your networks.

  • Sniffa S2 Open Sensor with 1 Year Sensor Manager Subscription: £1656 per sensor
  • 1 Year Sensor Manager Subscription without Sniffa S2 Sensor: £1120 per sensor
  • 7 Day Sensor Manager Subscription Trial Licence: FREE (Contact Us for Details)

SIEM INTEGRATIONS


The Sniffa Sensor Manager Application and Sniffa Sensors can integrate with the following vendor software solutions.

  • Splunk Enterprise or Cloud Add-on Application, Perpetual Licence with 1 Year's Updates: £450

Further information about the Sniffa Splunk Application can be found on Splunkbase.

NDR AS A SERVICE


Network Detection and Response (NDR) as a Service.

We can provide a centralised network monitoring service from the cloud that can be tailored to your specific needs.

Contact us to discuss your requirements and our available options that suit your networks and budget.

NEED TO MONITOR A LARGER NETWORK?


If you have larger bandwidth requirements, with network links up to 100 Gbit/s, we recommend deploying our sensors on one of our partner's Packet Broker Appliances and managing them centrally, using our Sensor Manager Application located in the cloud or on premises.

Not only will the Cubro Omnia Packet Brokers get the maximum performance from the open-source threat detection tools, but our Sniffa Sensor Manager application is also able to correlate logs and alerts directly with packet captures and logs stored on the Cubro Omnia appliance, which will greatly accelerate your threat hunting capability.

Contact us for further information and the latest offers.
