Barac ETV platform integration with Endace Pivot-to-vision
One time configuration
To enable the Endace pivot-to-vision feature within the Barac platform, some one-time configuration is required.
- Log in to the Barac platform
- Go to “Configuration” then click “integration config”
Pivot-to-vision configuration page:
As a first step enter the following parameters:
- Endace probe * (mandatory)
- Data source (optional with Endace version 6.5.2 or newer)
- Endace appliance IP address * (mandatory)
Once you click “Save Configuration”, the values are stored and you do not need to type them again every time you generate a URL.
If you want to change the one-time configuration, type the new values and click “Save Configuration”; the stored parameters will be overwritten.
Generating a URL from the integration page
From the configuration page, you can manually specify the period of investigation. To do so you need to set:
- Start and End time
- Time Zone
Also, don’t forget to specify the name of the investigation. Note that the date and time when the URL is generated and when the investigation is created will be automatically added to the investigation name.
To make the investigation more accurate and more efficient, it’s recommended that you apply filters.
From the following table you can choose which filter you are going to use. Notice that you can apply multiple filters simultaneously. Once you click on a filter a new typing field is added. You can add/remove filters easily as you see fit.
Once you have filled in all the required fields, click the “generate URL” button and a URL will be generated instantly.
You can “copy” and share the URL of the investigation with whoever you wish. By clicking “open” you can open it in the Endace Vision interface in a new tab.
After opening the Endace Vision interface, you can change the tools and display graphs other than the defaults.
The cyber detection page
The cyber detection page in the Barac ETV Platform lists any attempted breach, sorted by severity from low to critical, with time details.
From this page, users can open an investigation of any displayed breach directly: a single click on the “Endace URL” button shows the detected attack within the Endace Vision page.
Once you click the “Endace URL” button, the attributes of the breach detected by the Barac ETV platform are automatically taken and used to generate the pivot-to-vision URL and to create an investigation for this attack in the Endace Vision console, which lets you analyze the packets and understand more about the breach.
For example, the start and end times of the detected attack, as well as the IP address and ports, are used automatically, so you do not need to add filters and type the values manually.
Note: if you click the “Endace URL” button and have not yet entered the one-time configuration, you will be redirected to the Pivot to Vision Configuration page.
After following the previous steps, the Barac-Endace Pivot-to-vision integration will be complete.
Please note that these current steps are as of 4th May 2020 and are subject to change in accordance with any updates to Barac and Endace.