New Features of SISP: EndpointSniffer, DataCenter and AlertCenter Update
06.07.2016

1. EndpointSniffer now supports operation in the VDI infrastructure

This update is important for organisations whose computer infrastructure consists not of physical workstations but of terminals that operate in a single virtual environment located in the data center. In this case, the stations load a single master image, and all agents started this way have the same ID. To correctly attribute the data captured by each agent, EndpointSniffer now assigns a unique ID to each of them. When you install the agent on the master image, you can activate the option Clean agent ID at startup in the EndpointSniffer settings. The agents will then be assigned a unique ID at each startup, and the system will correctly attribute the intercepted data to each user.

The feature is also available in the settings of each agent.

 

2. Load balancing

The platform can now balance the load in order to maintain consistently high performance. The updated version allows you to limit the number of agents simultaneously transmitting data to the server (for direct connection). In the console settings, specify the Maximum number of agents per server: the minimum value of the parameter is 0 (no limit), the maximum is 5000.

When a server reaches the specified number of agents, it reports that it has reached its maximum. Other agents treat this as the server being unavailable and start cyclically checking the servers in EndpointSniffer's list of alternate servers for the possibility of transferring data. If the server is unavailable or loaded, agents accumulate the captured data in local storage and try to connect to the server.

3. SearchInform DataCenter implements a new licensing system

Previously, licenses had to be installed, updated and distributed independently for each SISP product. Now there is a single license for the products, processed by DataCenter. DataCenter independently generates and updates the licenses of all the products and distributes available licenses between servers, either automatically or according to specified conditions. The number of licenses distributed to a given product is determined by the settings. After that, the product itself monitors the expiry date of the license. The settings can be accessed from the context menu of the product (or server). Settings features:

  • In the license settings for Search Server, issuing of licenses can be enabled, including automatic licensing.

  • In NetworkSniffer and EndpointSniffer servers, you can indicate the number of licenses for each product. The number of licenses cannot exceed the number of free licenses. If you select Distribute unused licenses automatically, the product will get all free licenses. If there are several EndpointSniffer / NetworkSniffer servers, licenses will be distributed equally among them.

  • For the AlertCenter and ReportCenter components, automatic licensing is set by default and cannot be changed.

The new licensing system is compatible only with Search Server 4.70.0.1 or higher.

4. SearchInform AlertCenter: improved search by regular expressions and changes in the quarantine operation

The updated analysis core increases the speed of regular expression search by up to two times for policies that contain multiple search criteria. In addition, SISP has refined how quarantine operates. AlertCenter now allows you to create multiple quarantine policies and include the same MailSniffer index in multiple policies (as well as to search by all indexes in each policy).

The feature also allows you to set individual access rights to the quarantine policy.
