Microolap EtherSensor


Annotation

Microolap EtherSensor, v. 6.1.


The Microolap EtherSensor software is registered in the "Unified register of Russian programs for electronic computers and databases" of the Ministry of Communications of the Russian Federation under No. 5034.

Administrator's Guide.

2001 - 2020, Microolap Technologies

This document describes the administrative tasks required to manage the operation of Microolap EtherSensor on your system. It is intended for a technical audience, specifically the system administrators and information security officers responsible for Microolap EtherSensor.

Reproduction, adaptation or translation without written permission of Microolap Technologies is prohibited. The information contained in this document is subject to change without notice.

About Microolap EtherSensor

EtherSensor is an infrastructure platform for automating network traffic analysis (NTA). It extracts and analyzes objects from traffic at every layer from the data link layer up to and including the application layer: packets, sessions, files, messages, events and their metadata. When analysis is complete, EtherSensor delivers the results to one or more consumer systems.

EtherSensor serves as a provider of data and metadata extracted from traffic objects for NDR (Network Detection and Response), DLP, eDiscovery and Enterprise Archiving systems, as well as for various SOC subsystems (SIEM, U(E)BA, high-load DLP, Threat Intelligence/Management, Asset Management, Application Management, etc.).

Distinctive features of Microolap EtherSensor are:

High network traffic processing throughput for this class of solution: 20 Gbps "out of the box" on commodity hardware, scalable to 50 Gbps.

No limit on the number of supported Internet/Intranet services, because the subsystem that detects and captures network traffic objects is open and can be extended with new detectors.

Microolap EtherSensor has been shipped since 2008. It is used mainly as a component of information security systems.

How EtherSensor works:

[Figure: admin_guide-01-index-1]

Fig. 1. Scheme of EtherSensor operation.

Maintenance of the working instance of EtherSensor

To maintain and support your working instance of EtherSensor, use EtherSensor PCAP Edition.

EtherSensor PCAP Edition does not require time-consuming preparatory work for deployment in the organization's network infrastructure, and its functionality is fully identical to the full version of EtherSensor in terms of network traffic analysis and delivery of results to consumer systems.

With this edition you can debug and test filters, detectors and delivery profiles against pre-prepared PCAP files. Once they are debugged and tested, you can deploy them to your EtherSensor production instance.

If you cannot find a PCAP file for the case you need (Google: "pcap files collection"), use tcpdump or Wireshark to record your own traffic. EtherSensor PCAP Edition supports the pcap and pcapng formats. When recording, capture with a full snapshot length (tcpdump -s 0) so that application-layer payloads are not truncated, and keep in mind that a capture of real traffic contains exactly the kind of sensitive content a DLP system looks for: store such files with the same access controls as the production data.

Tip: Use tcpdump for Windows to write PCAP files on Windows.
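Before loading a capture into EtherSensor PCAP Edition it is worth confirming that the file really is pcap or pcapng and that it was not cut off mid-packet (for example by killing tcpdump while it was still writing). The script below is an added example written for this guide, not Microolap code and not part of EtherSensor; it reads only the standard file headers (the magic numbers, byte order, version, snaplen and link type of classic pcap, and the Section Header Block of pcapng) and walks the packet records of a classic pcap to detect truncation. The sample files it checks are constructed inline from a one-frame capture.

```python
"""Sniff pcap vs pcapng and check a classic pcap for truncation.

Added example for the EtherSensor PCAP Edition section; not Microolap code.
Assumes nothing about EtherSensor internals, only the public pcap/pcapng
file formats.
"""
import struct

# First four file bytes read as a little-endian uint32 -> (struct byte order
# of the file, timestamp resolution). These are the standard pcap magics.
PCAP_MAGICS = {
    0xA1B2C3D4: ("<", "microseconds"),  # file written little-endian
    0xD4C3B2A1: (">", "microseconds"),  # file written big-endian
    0xA1B23C4D: ("<", "nanoseconds"),
    0x4D3CB2A1: (">", "nanoseconds"),
}
PCAPNG_SHB_TYPE = 0x0A0D0D0A    # Section Header Block type (palindromic)
PCAPNG_BOM_LE = 0x1A2B3C4D      # byte-order magic as read from a little-endian SHB
PCAPNG_BOM_BE = 0x4D3C2B1A      # same magic as read from a big-endian SHB
ENDIAN_NAME = {"<": "little", ">": "big"}


def sniff_capture(data: bytes) -> dict:
    """Identify the capture format from its header and return its key fields."""
    if len(data) < 24:
        raise ValueError("too short to be a pcap or pcapng file")
    magic = struct.unpack("<I", data[:4])[0]
    if magic in PCAP_MAGICS:
        order, resolution = PCAP_MAGICS[magic]
        # Global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
        _, major, minor, _tz, _sig, snaplen, linktype = struct.unpack(
            order + "IHHiIII", data[:24])
        return {"format": "pcap", "byte_order": ENDIAN_NAME[order],
                "version": (major, minor), "timestamps": resolution,
                "snaplen": snaplen, "linktype": linktype}
    if magic == PCAPNG_SHB_TYPE:
        bom = struct.unpack("<I", data[8:12])[0]
        if bom == PCAPNG_BOM_LE:
            order = "<"
        elif bom == PCAPNG_BOM_BE:
            order = ">"
        else:
            raise ValueError("pcapng SHB with unknown byte-order magic")
        # SHB: block type, block length, byte-order magic, major, minor, ...
        _, block_len, _, major, minor = struct.unpack(order + "IIIHH", data[:16])
        return {"format": "pcapng", "byte_order": ENDIAN_NAME[order],
                "version": (major, minor), "shb_length": block_len}
    raise ValueError(f"unknown capture magic 0x{magic:08x}")


def count_pcap_packets(data: bytes) -> tuple:
    """Walk the packet records of a classic pcap.

    Returns (packets_seen, truncated). A record header that does not fit, a
    record body shorter than its incl_len, or incl_len > snaplen all mean the
    file was cut off or corrupted and should not be fed to the analyzer as-is.
    """
    info = sniff_capture(data)
    if info["format"] != "pcap":
        raise ValueError("record walking is implemented for classic pcap only")
    order = "<" if info["byte_order"] == "little" else ">"
    offset, count = 24, 0
    while offset < len(data):
        if len(data) - offset < 16:
            return count, True
        _ts_sec, _ts_frac, incl_len, _orig_len = struct.unpack(
            order + "IIII", data[offset:offset + 16])
        if incl_len > info["snaplen"] or len(data) - offset - 16 < incl_len:
            return count, True
        offset += 16 + incl_len
        count += 1
    return count, False


# Constructed sample inputs (not real captures): a little-endian pcap with one
# 14-byte Ethernet frame, the same header big-endian, and a bare pcapng SHB.
_FRAME = bytes(14)
SAMPLE_PCAP_LE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
                  + struct.pack("<IIII", 1_600_000_000, 0, len(_FRAME), len(_FRAME))
                  + _FRAME)
SAMPLE_PCAP_BE = struct.pack(">IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
SAMPLE_PCAPNG = struct.pack("<IIIHHqI", PCAPNG_SHB_TYPE, 28, PCAPNG_BOM_LE, 1, 0, -1, 28)

if __name__ == "__main__":
    for name, blob in [("pcap-le", SAMPLE_PCAP_LE), ("pcap-be", SAMPLE_PCAP_BE),
                       ("pcapng", SAMPLE_PCAPNG), ("pcap-le-cut", SAMPLE_PCAP_LE[:-4])]:
        info = sniff_capture(blob)
        line = f"{name}: {info}"
        if info["format"] == "pcap":
            line += f" packets={count_pcap_packets(blob)}"
        print(line)
```

To run it against a real file, read the file into `data` and call `sniff_capture(data)` and, for classic pcap, `count_pcap_packets(data)`; a `truncated` result of `True` means the last record is incomplete and the capture should be re-recorded or trimmed before use.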