Start-up software developer Packet Analytics is offering a free downloadable search engine, designed to collect network and system alerts to help CIOs, admins and security analysts dig through them.
Called Net/FSE, for network forensic search engine, the browser-based tool requires a standard x86 server running Linux or Unix. It is based on development carried out at the US Los Alamos National Laboratory to detect intruders on its network, and can aggregate data from a range of sources, including NetFlow (v5 only), syslogs, Snort and Cisco PIX.
Net/FSE enables users to retrieve data relating to specific times, IP ranges or addresses, alert types and so on. The data can then be searched and sorted to highlight areas for deeper investigation.
The tool does not do away with the need for expert understanding of the security issues involved, nor does it do event alerting - that remains the job of the relevant network devices. Packet Analytics said it was designed as an "incident response workflow tool", enabling analysts to more easily dig through the huge volumes of data generated by the likes of firewalls, IDS/IPS and NetFlow.
"Net/FSE will save analysts a significant amount of time in their routine alert investigations, making them more efficient and dramatically decreasing response time," claimed Packet Analytics CEO Andy Alsop. "It was built by security analysts for security analysts, so that enterprises have access to advanced search capabilities over terabytes of NetFlow router data."
The free version can process up to one million events per day; users needing more welly than this will need to buy a more capable version - prices range from $1495 (£760) upwards.
Packet Analytics said larger systems ar able to use a RAID array or SAN to store multi-terabyte datasets. It added though that 1TB of disk should be enough to store a year or more's data for a small enterprise network.