NextComputing has announced a new high-speed packet analytics ingestion system and automated PCAP data workflow for Splunk using standard Splunk data interchange methods. This interface extends the capability of NextComputing’s massively scalable lossless packet capture solution, Packet Continuum. Splunk users will be able to parse packet flow data and packet-level analytics in real time, for correlation within Splunk with other relevant network data feeds. It also allows Splunk users to selectively ingest historical PCAP query results for in-depth packet review.
“Our intent is to bring real-time PCAP forensics directly into the world’s best correlation engine, which is Splunk itself,” said John H. Ricketson, Executive Vice President of NextComputing. “Users of Splunk Enterprise Security (ES) can now closely coordinate their cyber investigations with a massively scalable repository of line-rate, lossless, full packet capture data, in standard binary PCAP file format.”
In addition to real-time ingestion of flow and analytics, Splunk users can take direct advantage of Packet Continuum’s automated PCAP workflows for retrospective packet analytics, using the Splunk App for Stream. For example, a Splunk ES user may discover a list of IP addresses with suspect activity on a 40Gbps lossless Packet Continuum capture point. Even for very large query results, Packet Continuum will begin streaming PCAP “chunks” almost instantly into the Splunk App for Stream, for ingestion of full packet analytics (application-level metadata and events) into Splunk ES for further investigative review. Even at high-speed span/tap points, where the Splunk App for Stream cannot process all data in real time, Packet Continuum’s real-time analytics ingestion plus automated PCAP workflow paths allow a user to never lose a packet, and to route only the most important transactions into Splunk ES for analysis.
NextComputing’s Packet Continuum is a widely used “Open PCAP” software infrastructure for low cost, massively scalable, lossless packet capture on an open, enterprise-scale server infrastructure. Packet Continuum runs on a fully open compute infrastructure within data centers, or on specialized platforms for portable network forensic analysis. Capture rates are at line speeds, ranging from 1 to 100 gigabits per second, without packet loss – instantly searchable over historical capture timelines from days to months to years using inline data compression and Big Data “clustering” technology. Packet Continuum is in use as a subsystem for major product OEMs, and also deployed by large agencies and commercial enterprises to pre-wire their networks for lossless packet capture, incident response, and other critical use cases in cyber security and network performance markets.
NextComputing is the developer of an open, scalable, and high-performance software framework for capturing and managing big data on the wire, including lossless packet capture, NetFlow and metadata generation, and fast packet retrieval. We also offer solutions based on enterprise-class industry-standard Linux servers such as those by DELL, as well as appliances we develop and manufacture ourselves for portable and small form factor rack-deployable use cases. We are focused on enabling enhanced workflows for OEMs, solutions providers, and enterprise users who are looking for an open framework to support a range of potential tools. We also offer a complete suite of services that can add value to your business, such as optimizing workflows to meet your needs, connector development and integration with your analytics tools, software branding, various configuration options, and more.