Low-Cost, High-Performance, Portable Packet Forensics Appliance for Network Analysts and Cyber Security Investigators
CyberPro is the perfect tool for today’s Cyber-Hunters, IT/InfoSec specialists, and field network engineers, whose mission is to keep modern digital IP networks up and running – and fully protected. Grab this portable tool, arrive on-site, plug into the network without disrupting IT operations, and get productive fast!
Within a mobile, lightweight test appliance, CyberPro offers high-speed capture, indicators-of-compromise (IoC) alerting, and fully integrated analytics workflow. View long PCAP forensic timelines based on inline data compression. Find critical incidents for full-session analytics and reconstruction. CyberPro is ideal for network performance monitoring, cyber forensics, compliance enforcement, lawful intercept, and packet data analytics.
CyberPro lets you jump quickly between PCAP actions and your tools-of-choice. Gain new insight from DPI analytics tools, and generate graphical incident reports. Then iterate new Active Trigger alerts and PCAP searches, to conclude your investigation quickly.
Real-Time Analytics Features
Open up to 10 simultaneous BPF-based “Active Triggers”. Adjust them dynamically.
Log Manager events, all with search, cross-correlation and extraction:
- File event logging, with file size and URL or SMTP reference
- User agents
- Active Triggers (BPF signature)
- 100 Snort rules (emerging-DNS, emerging-ftp
- System events
Log Manager search actions:
- All logs are time-correlated with PCAPs and IPFIX data
- Text string search of logs
- IPFIX record logging and search
- Choose your results for any search: PCAP, IPFIX, logs, etc.
- One-click searches auto-populate time period and search filter (BPF), based on context
CyberPro Open Data Access
Packet Capture Features
Continuous lossless packet capture, with configurations up to 15 Gbps, into a rolling FIFO Capture Store
Searchable data recorder for IPFIX netflow records and log files
Real time indexing and alerting — with time stamping as low as 150 nanoseconds
Data compression in real time — Overall storage amplification up to 10x
Dedicated onboard Extraction Store retains all search query results, retrievable by user-defined name
Options for PCAP (or IPFIX) search results:
- View in Wireshark on the local display UI
- Remotely access from an external host via Web GUI or REST/API scripting
- Run the critical sessions over the Streaming Playback Interface to any 3rd party forensic analysis tool. Simply connect streaming playback output to the capture interface of your tool, just like a span/mirror port.
CyberPro Capture Process
Continuous lossless packet capture, with configurations up to 10 Gbps, into a rolling FIFO capture store. A separate extraction store retains PCAP file query results.
4-tuple indexing in real time — IP address source/destination, port source/destination — with time stamping as low as 150 nanoseconds
PCAP compression in real time — Overall storage amplification up to 20x (depending on % of captured traffic that is SSL or video)
Search PCAP data from a convenient web GUI, using easy BPF+ descriptors, immediately streaming the results from capture store to persistent extraction store.
3 options for lossless packet capture: 1-3Gbps, 5-10Gbps, 7.5-15Gbps
Stream initial search results of PCAP, IPFIX/netflow, and log files to any visualization tool, even while a critical search is ongoing. No more waiting for endless query response times!
Use real-time, dynamic, user-defined Active Triggers and real-time analytics to rapidly direct critical PCAP data for post-processing, using any of multiple third-party open source DPI software packages, conveniently pre-installed and ready-to-use within CyberPro.
Extensive Logging Features
RFC anomaly logging, file download event logging, multi-protocol event / metadata logging. The Log Manager also allows for search, cross-correlation and extraction: HTTP, files, DNS, email, user agents, TLS/SSL.
Efficient Data Management
CyberPro’s built-in PCAP streaming means that no third-party software will “choke” on too much data throughput during PCAP post-processing.
CyberPro’s interactive dashboard drives your investigation workflow. You control capture operations, check the scrolling alert log, and quickly extract PCAP or IPFIX (netflow) data into Wireshark, or log/metadata findings into CSV or text. Streaming results are also remotely accessible, both from a host-based WebGUI over the REST interface, and even from a streaming output port into any 3rd party forensics tool.
Visualization is pre-installed and hard-wired into the CyberPro workflow, using open industry-standard data file formats: PCAP & IPFIX records open in Wireshark; log searches open as CSV files; reports as TXT/RTF files.