MindStorm Sensor is combined with MindStorm Collector and SA-IDS sensor for performing the network intrusion detection tasks as well as receiving events from other network and security devices. MindStorm Sensor runs on Linux operating systems and proprietary software with the sensor engine.

Intrusion Detection

MindStorm Sensor is capable of performing real-time traffic analysis and packet logging on IP networks. And perform protocol analysis, content searching/matching and detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, packet anomaly and much more. With pre-configured rules, security administrators can perform optimal protection for the enterprise network in just a minute. MindStorm Agent is an Agent machine that receives events from various network and security devices. MindStorm Sensor also provides rules customization to fit enterprise specific security requirements.

Data Collection

MindStorm Sensor collects security events and raw log data from disparate equipments such as firewalls, IDS/IPS, antivirus, routers/ switches, OS, applications and vulnerability management tools with non-invasive approach on SNMP, Syslog, ODBC and LEA format. MindStorm Sensor also capture the payload and MAC address information to identify the root source of an incident.

MindStorm Sensor provides time synchronization capability to synchronize all monitored devices with MindStorm Manager for providing a accurate and real-time security postures.