Savant can create independent, device-agnostic audits of the communication patterns of all network devices, including desktops, servers, printers and IoT devices. Savant enables network engineers and forensic analysts to drill down from network-wide performance views to individual session flows.
Savant’s multi-CPU, multi-threaded architecture is designed to systematically trigger on events, index and organize the entity relationships in the data, and capture data based on rules and policies defined by the user.
Unlike any other known network audit device, Savant decodes every defined field of hundreds of protocols and builds graph analytics in real time in its own RAM, so no way of hiding covert communications is beyond the scope of its logging and graph analytics. Every Savant allows logging of, and triggering on, thousands of high- and low-layer protocol attributes, including MAC addresses, IP addresses, DNS requests and responses, TCP and UDP port numbers, HTTP user agents, FTP commands, SMB transfer checksums, SIP information, SSL protocols and JA3 signatures. It even looks into historical minutiae such as data hidden in stuff bits, undefined or obscure fields, message IDs and the like.
Copyright © 2020 Intrusion. All rights reserved.