Savvius Vigil automates the collection of network traffic needed for security investigations, both reducing the likelihood of a breach, minimizing their impact. Even breaches not discovered for months can be effectively investigated using Vigil. Savvius Vigil, which integrates with all leading IDS/IPS systems, includes Omnipeek, award-winning network forensics software.

Savvius Vigil diagram

How Vigil Works

Savvius Vigil integrates with your existing SIEM/IDS/IPS capabilities to intelligently determine what network traffic is relevant for breach investigations. Vigil continuously collects all network packets and only stores traffic associated with security alerts, discarding unassociated packets. The device also supports feeds from multiple sources simultaneously. Vigil captures the critical packets that led up to the alert being triggered, from up to 5 minutes before the alert, showing the original cause of a potential breach. You can also configure Vigil to store all packets based on specified IPs, ports or protocols, all the time, to provide insight into attacks that IDS/IPS solutions miss. And if you suspect an attack is ongoing, you can initiate a full packet capture with a single click, including up to 5 minutes of packet history.

System Specs


System Specs


  • 96TB of Storage
  • 4 port 1/10G Network Adapter
  • 2U Rack Mountable


  • Savvius Vigil software for monitoring and forensics
  • Monitoring dashboard with overview, storage use, and event management
  • Security Forensics capability, including hierarchical search by date, event, IP address, severity, etc.

Supported IDS/IPS


Supported IDS/IPS

  • HP Arcsight
  • Checkpoint
  • Cisco FirePOWER
  • Sophos Cyberoam
  • Fortinet
  • IBM QRadar
  • Lancope Stealthwatch by Cisco
  • McAfee Enterprise Security Manager
  • Palo Alto
  • Snort
  • Suricata
Savvius play video image

Webinar: What Security Professionals Can Learn From The Network Team

Network data is the most valuable information when it comes to security incident analysis, and odds are the network team is already collecting that valuable data. That’s why it’s important for any security team to have a close working relationship with the network team. They can help get the data that security professionals need to reduce the likelihood, or the impact, of a breach.

View Webinar

Our Customers

Customer Logo: Meralco

Large electrical utility company relies on Savvius tools to provide accurate, cost-effective network and application troubleshooting with long-term reporting and analytics.


Network & Cyber Security

  • Savvius Customer Logo: Cisco
  • Savvius Customer Logo: IBM

    IBM offers a deep enterprise security portfolio. Unmatched in its ability to help you disrupt new threats, deploy security innovations, and reduce the cost and complexity of IT security, IBM can safeguard your most critical data from compromise. The Savvius and IBM joint solution helps security professionals gain access to network-level data required to investigate security alerts triggered by Qradar SIEM, enabling network forensics in breach investigations. The joint solution gives visibility into network activities for alerts from months ago, including the network traffic before an alert even triggered.

  • Savvius Customer Logo: Check Point Software Technologies LTD
  • Savvius Customer Logo: Palo Alto Networks
    Palo Alto Networks

    Savvius Vigil integrates with Palo Alto Networks Next-Generation Firewall via syslog. When an alert is triggered by the firewall, the Savvius Vigil appliance captures the specific network traffic that caused the alert. Savvius Vigil continuously collects all network packets, receives security alerts generated by Palo Alto Networks PAN-OS® and only stores traffic associated with Palo Alto Networks security alerts, discarding unassociated packets. Savvius Vigil stores network traffic data from five minutes before through five minutes after the alert triggered.

  • Savvius Customer Logo: Fortinet

    Fortinet provides top-rated network and content security, as well as secure access products that share intelligence and work together to form a cooperative fabric. Fortinet’s security fabric combines Security Processors, an intuitive operating system, and applied threat intelligence to give you proven security, exceptional performance, and better visibility and control–while providing easier administration. Savvius Vigil becomes an integrated part of Fortinet security fabric for capturing, storing and analyzing network data associated with critical threat alerts, providing a valuable solution for customers and partners.

  • Savvius Customer Logo: Hewlett Packard Enterprise
    Hewlett Packard Enterprise

    Hewlett Packard Enterprise delivers high-quality, high-value products, consulting, and support services in a single package. HP has industry leading positions in servers, storage, wired and wireless networking, converged systems, software, services, and the cloud. The Savvius and HP joint solution lets security professionals add packet intelligence into their investigation of security alerts triggered by HP ArcSight SIEM, even if the alerts happened months in the past.