Net/FSE: free network forensic search engine
Network security tools company Packet Analytics launched Net/FSE, the Network Forensic Search Engine. Net/FSE is the first commercial search engine for enterprise network data to focus on security incident response by harnessing the power of NetFlow data. It is designed to exploit the forensic potential of NetFlow data to dig deep into network alerts.
A browser-based workflow tool for security analysts, Net/FSE employs proprietary search technology licensed exclusively from Los Alamos National Laboratory, where it was developed and battle-tested for five years. Net/FSE allows network security analysts to respond rapidly to network alerts and anomalies by analyzing terabytes of NetFlow router data in real-time through a highly scalable search engine. A commonly overlooked network data resource because of its voluminous nature and predominate use in IT engineering operations, NetFlow data can be a powerful source of forensic information for security analysis.
Typically, when a network security alert is generated by an enterprise firewall, intrusion detection system or security information management system the security analysts do not have access to the necessary context that allows them to definitively and effectively respond to the event. Net/FSE allows analysts to collect and quickly search all of their NetFlow and other network data to determine the impact of the alert and effectively respond.
Net/FSE requires little or no administration and can be quickly installed by the customer on commodity servers running a Linux operating system. Deployed as a browser-based solution, analysts can search through terabytes of data from anywhere on the network.
Net/FSE is available as a free download with full functionality here.