The TYCHON Netflow module collects IP network traffic information as it enters or exits an interface and now gives ePO administrators the ability to query Netflow data from any managed endpoint. As part of the Automated Continuous Endpoint Monitoring (ACEM) plugin, network administrators now have endpoint-level visibility into the source and destination of network traffic.

The fields recorded by the TYCHON Netflow module, for both forensic and real-time queries, include source and destination IP address (IPv4 and IPv6), protocol, port, and metadata about the originating application.


The TYCHON Netflow module is part of our easy-to-use, plain-language, question-based interface. Our customers use the TYCHON Incident Response module to query the endpoint and collect valuable network traffic details. Customers can ask:

  • How many Netflow records are being stored on the endpoint?
  • Show me all the traffic out of this UDP [Port Number]
  • Show me files by [File Name] (Journal Search)?
  • What Netflow data is generated by this [File Name]?
  • What Netflow data is associated with this [MD5]?
  • What Netflow data is associated with this [SHA1]?
  • What Netflow data is associated with this [SHA256]?
  • What Netflow data is available?
  • Who has traffic out of this TCP [Port Number]?
  • Who is listening on this TCP [Port Number]?
  • Who is listening on this UDP [Port Number]?
  • Who is talking to this [IP Address]?

By analyzing this data, administrators can determine critical details, including the destination of traffic, class of service, and causes of congestion.

Additional Reading:

Information about TYCHON or to schedule a demo: https://tychon.io

Information about Netflow: https://en.wikipedia.org/wiki/NetFlow
