
Trellix Network Forensics is a high-speed network packet capture and analysis solution designed to enhance cybersecurity incident response. It offers lossless data capture, real-time indexing, and ultrafast search capabilities, allowing organizations to quickly identify and resolve security threats. The system provides a centralized workbench for reviewing network activity before, during, and after an attack, enabling effective threat hunting and comprehensive incident analysis. With features like custom dashboards, integration with other security tools, and support for various threat intel...
Vendor: Trellix
Trellix Network Forensics is an advanced cybersecurity solution that combines high-speed network packet capture with powerful analysis and visualization tools. It is designed to help organizations quickly identify, investigate, and resolve security incidents by providing comprehensive visibility into network traffic. The system captures and indexes full network packets at speeds up to 20 Gbps, allowing security teams to review network activity before, during, and after an attack. With its centralized workbench and easy-to-use analytical interface, Trellix Network Forensics enables effective threat hunting, faster incident response, and accurate impact assessment of security events.
Key Features
High-Performance Packet Capture
Trellix Network Forensics offers industry-leading packet capture capabilities.
- Continuous lossless capture with time-stamping at speeds up to 20 Gbps
- Real-time indexing of all captured packets for quick retrieval
Centralized Analysis and Visualization
The solution provides a comprehensive platform for analyzing network traffic.
- Easy-to-create custom dashboards for viewing specific network metadata and activity
- Web-based, drill-down GUI for inspecting packets, connections, and sessions
Advanced Search and Retrieval
Trellix Network Forensics enables rapid investigation of security incidents.
- Ultrafast search and retrieval using patented indexing architecture
- Quick search across all alerts, captured flows, and metadata
Integration with Security Ecosystem
The platform is designed to work seamlessly with other security tools.
- Consolidation of alerts from Trellix and third-party security products
- Support for Trellix Threat Intelligence, STIX, and OpenIOC feeds
Benefits
Improved Incident Response
Trellix Network Forensics accelerates the detection and resolution of security threats.
- Faster identification and analysis of security incidents
- More accurate quantification of incident impact
Enhanced Threat Hunting
The solution empowers security teams to proactively search for threats.
- Ability to hunt for anomalies and suspicious activities that may evade existing tools
- Rich context for investigating potential security issues
Streamlined Security Operations
Trellix Network Forensics helps optimize security workflows.
- Centralized workbench for reviewing all network activity
- One-click pivot to session data from alerts for efficient investigation
Comprehensive Network Visibility
The platform provides deep insights into network traffic.
- Full packet capture for complete network visibility
- Intelligent capture with selective filtering to focus on relevant data