Savvius Omnipeek 10 is the first version of Omnipeek that includes features designed for rapid, efficient security investigations.
What's New in Savvius Omnipeek 10
- View File Content
Since information about file content is critical to most security investigations, Omnipeek® 10 reconstructs files by extracting data from reassembled HTTP payloads. This reconstruction, performed automatically when a packet file is opened, includes a thumbnail representation of each file in a new Files view.
- Investigation Overview
The new Overview graph overlays summary-level information about the entire packet file under analysis. This information, displayed on every Omnipeek View, provides context for the current analysis and enables a rapid transition to any time segment.
- Savvius Omnipliance Status Notifications
Savvius Omnipliance® performs 24x7 analysis and troubleshooting for mission-critical enterprise networks. When a drive goes down, or a network capture stops, Omnipeek 10 immediately notifies the administrator via syslog and/or email.
- Security Events from Snort and Suricata
Security analysts need packet data when investigating security alerts, whether in near-real time or months later. Omnipeek 10 imports the analytical results from two popular open source security analysis tools, Snort® and Suricata, and overlays the resulting security alerts against the packet data for immediate, detailed analysis of any suspected breaches.
- Customize Packet Decode Views
Network troubleshooting takes many different forms depending on the problem, sometimes requiring analysis of uncommon elements not offered in standard views. Omnipeek 10 creates unique packet decode columns based on any information within packets, making it very easy to find and compare packets that contain the specific elements under investigation.
- Filter Files to Maximize Computing Bandwidth
As networks get faster, packet captures get bigger. Opening these large packet files, or even multiple packet files, can be challenging on computers with limited resources. Filtering packet files for only the information needed, like a specific IP address and/or port range, before loading the packets significantly increases analysis performance.
- Faster Forensic Searches
Omnipeek 10 significantly increases the speed at which packet data can be retrieved from disk, making post-capture analysis much more efficient.