RSA NetWitness Investigator is the award-winning, interactive threat-analysis application that enables security operations staff, auditors, and fraud and forensics investigators to perform unprecedented free-form contextual analysis of raw network and log-event data captured and sessionized by the RSA NetWitness platform.

Unlike packet-analysis products, which display network traffic in the context of confusing network nomenclature, Investigator uses a lexicon of nouns, verbs, and adjectives—characteristics of the actual application and logic-layer protocols parsed by RSA NetWitness during session reconstruction.

Both novice and expert users can use Investigator to pivot terabytes of network traffic easily to dive deeply into the context and content of network sessions in real time—so that threat analyses that once took days now take only minutes. It is this intersection of network metrics, rich application flow, and content information that differentiates RSA NetWitness products.

Investigator employs RSA NetWitness Live to provide real-time fusion with multi-source threat intelligence.