Network Probe

Advanced network traffic monitoring and analysis for comprehensive security visibility.

The Network Probe module provides deep packet inspection, flow analysis, and network behavior monitoring capabilities. It captures and analyzes network traffic in real-time, feeding enriched data to the SIEM and analytics modules for advanced threat detection and forensic investigation.

What is Network Probe?

Network Probe transforms your network infrastructure into a comprehensive security monitoring system with distributed collection points that provide security intelligence about network activity, threats, and anomalies.

In simple terms:

  • What it is: Distributed network security monitoring and data collection system

  • How it works: Deploy probes across network segments, configure pipelines, monitor traffic in real-time

  • What it does: IDS/IPS functionality, packet capture, NetFlow analysis, threat detection

Overview

Energy Logserver Network Probe extends monitoring capabilities beyond traditional log collection to include:

  • Traffic Analysis: Deep packet inspection and protocol analysis

  • Flow Monitoring: NetFlow/IPFIX/sFlow collection and analysis

  • Performance Monitoring: Network bandwidth and latency tracking

  • Security Detection: Anomalous traffic pattern identification

  • Forensic Capabilities: Detailed traffic capture for investigation

Key Capabilities

  • Multi-Protocol Support: Analysis of TCP, UDP, ICMP and application-layer protocols

  • Scalable Deployment: Distributed probe architecture for enterprise networks

  • Real-Time Processing: Stream processing with minimal latency

  • Integration: Native integration with Energy Logserver SIEM and analytics

  • Customizable Pipelines: Flexible data processing and enrichment

Key Benefits

Security Benefits:

  • Real-time network threat detection with IDS/IPS capabilities

  • Full packet capture for forensic analysis and incident response

  • Comprehensive visibility across distributed network infrastructure

  • Advanced threat hunting with deep packet inspection

Business Benefits:

  • Centralized management of distributed network security infrastructure

  • Scalable deployment supporting hundreds of network segments

  • Cost-effective monitoring built with open-source foundation and enterprise features

  • Compliance support for network monitoring requirements

Built-in Monitoring Tools

IDS and Full Packet Capture

Network Probe provides a high-performance network IDS, IPS and Network Security Monitoring engine. It detects anomalies and logs network traffic alarms based on defined rules, and can save the packets that triggered a rule as PCAP for detailed forensic analysis.

NDR (Network Detection and Response)

Network Probe acts as a passive network traffic analyzer that supports investigations of suspicious or malicious activity. It produces extensive logs describing network activity, including comprehensive connection records and application-layer transcripts (HTTP sessions, DNS requests, SSL certificates, SMTP content), and can be integrated with an external SIEM for querying and analysis.

NetFlow Collection

Network Probe includes a multi-flow accounting feature that accepts NetFlow v5/v9, IPFIX and sFlow packets on multiple interfaces (IPv4 and IPv6). Beyond collecting flows, it can classify and aggregate them, replicate them to third-party collectors, and export forwarding-plane data for comprehensive traffic visibility.
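To make the collection step concrete, the following is an added example (not Energy Logserver code) showing what a flow collector has to do with a NetFlow v5 export datagram: validate the 24-byte header, unpack each 48-byte flow record, and aggregate the result, here as bytes per source address, which is the kind of classification and aggregation described above. The sample datagram is constructed in the code from assumed addresses and counters, and the field layout follows the published NetFlow v5 format. A collector that skips the length check accepts malformed exports, so the parser rejects any datagram whose size does not match its record count.

```python
import struct
import ipaddress
from collections import defaultdict

# NetFlow v5 wire format: a fixed 24-byte header followed by up to 30
# 48-byte flow records, all fields big-endian.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
V5_MAX_RECORDS = 30
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_netflow_v5(datagram: bytes) -> dict:
    """Parse one NetFlow v5 export datagram into a header dict and a list of flow dicts."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    (version, count, sys_uptime, unix_secs, unix_nsecs, flow_seq,
     engine_type, engine_id, sampling) = V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if count > V5_MAX_RECORDS:
        raise ValueError(f"record count {count} exceeds the v5 maximum")
    expected = V5_HEADER.size + count * V5_RECORD.size
    if len(datagram) != expected:
        # Truncated or padded export: refuse rather than read garbage fields.
        raise ValueError(f"expected {expected} bytes for {count} records, got {len(datagram)}")

    records = []
    for i in range(count):
        offset = V5_HEADER.size + i * V5_RECORD.size
        (src, dst, nexthop, in_if, out_if, pkts, octets, first, last,
         sport, dport, _pad1, tcp_flags, proto, tos, src_as, dst_as,
         src_mask, dst_mask, _pad2) = V5_RECORD.unpack_from(datagram, offset)
        records.append({
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "nexthop": str(ipaddress.IPv4Address(nexthop)),
            "proto": PROTO_NAMES.get(proto, str(proto)),
            "src_port": sport, "dst_port": dport,
            "packets": pkts, "octets": octets,
            "tcp_flags": tcp_flags, "tos": tos,
            "duration_ms": last - first,   # first/last are sysUptime milliseconds
            "in_if": in_if, "out_if": out_if,
        })

    header = {
        "count": count, "sys_uptime_ms": sys_uptime,
        "export_time": unix_secs + unix_nsecs / 1e9,
        "flow_sequence": flow_seq,
        "engine_type": engine_type, "engine_id": engine_id,
        # Top two bits select the sampling mode, the low 14 bits the interval.
        "sampling_mode": sampling >> 14, "sampling_interval": sampling & 0x3FFF,
    }
    return {"header": header, "records": records}


def bytes_per_source(records) -> dict:
    """Aggregate flow octets by source address, a basic top-talker classification."""
    totals = defaultdict(int)
    for r in records:
        totals[r["src"]] += r["octets"]
    return dict(totals)


def build_sample_datagram() -> bytes:
    """Constructed sample: a two-record v5 export with assumed, documentation-range addresses."""
    def rec(src, dst, proto, sport, dport, pkts, octets, flags):
        return V5_RECORD.pack(
            ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
            ipaddress.IPv4Address("0.0.0.0").packed,   # nexthop
            1, 2,                 # input / output SNMP ifIndex
            pkts, octets,
            1000, 2000,           # first / last in sysUptime ms
            sport, dport,
            0, flags, proto, 0,   # pad1, tcp_flags, prot, tos
            0, 0,                 # src_as, dst_as
            24, 24,               # src_mask, dst_mask
            0)                    # pad2
    header = V5_HEADER.pack(5, 2, 3600000, 1700000000, 0, 42, 0, 0, 0)
    return (header
            + rec("10.0.0.5", "203.0.113.7", 6, 51000, 443, 10, 1500, 0x18)
            + rec("10.0.0.5", "10.0.0.53", 17, 40000, 53, 2, 120, 0))


if __name__ == "__main__":
    parsed = parse_netflow_v5(build_sample_datagram())
    for flow in parsed["records"]:
        print(flow)
    print(bytes_per_source(parsed["records"]))
```

A real probe reads these datagrams from a UDP socket and keys its aggregation on more than the source address (interface, protocol, destination port), but the validation and unpacking steps are the same; NetFlow v9 and IPFIX differ in that the record layout is defined by templates sent in-band rather than fixed.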