Join Us at Our Upcoming Events Events
Skip to Main Content

Powerful Forensics for Investigation

Threat Eye NV uncovers how threats gained access and navigated throughout your network.

Inadequate forensics is a business liability.

Following a data breach, the inability to fully document and identify root cause leaves crucial questions unanswered:

  • How did they get in?
  • Where did they go?
  • What did they do?

This hampers response and may lead regulators or courts to question the adequacy of your security program.

Inadequate Forensics is a Business Liability

LiveAction Network Detection and Response is a Powerful Forensics Tool

Uncover and Preserve Attack Evidence
Uncover and Preserve Attack Evidence and Details
Map Attacker Pathways
Confidently Map Attacker Pathways and Timelines
Analyze an Incident
Fully Analyze an Incident to Improve Cybersecurity

LiveAction NDR powers forensics

Reviewing the source of data is not enough. LiveAction ThreatEye powers continuous packet capture (PCAP) with customizable retention to meet all compliance obligations.

Prove what happened, when, and how

The LiveAction NDR, ThreatEye, is unusually powerful for forensics because it uses long-term behavior baselining. This market leading and detailed record of what is normal makes attacker actions stand out. Investigators can confirm an attack and analyze this record to document who, what, when, where how.

Prove what happened

Easily Drill Down to Packet Level

The Live Action NDR platform gives your forensic investigation the chance to see the forest and the trees. Go from a global alert view for fact finding, all the way down to extreme detail including all packets.

Drill Down to Packet Level

Investigate regardless of encryption

ThreatEye uses Encrypted Traffic Analysis (ETA) to detect and spotlight threat actor behavior, even if threats are operating within encryption.

ETA benefits forensics by using behavior baselines and streaming ML to correlate attacker actions. This enriches core data to give you multiple perspectives for forensics and documentation.

ETA removes encryption as a barrier to investigation.

Investigate Regardless Of Encryption

Close the skills gap with ThreatEye Forensics

The LiveAction Network Detection and Response workflow includes forensics. This helps end-users learn what is important to detect attacks and where to find specific clues. This real-time exercise helps raise the skill level of your team.


Level set your digital transformation with LiveAction’s automated baselining & capacity planning capabilities.