Investigation Analysis System Datasheet

Accelerate Incident Response and Investigation

As recent cyber security breach headlines reveal, the key to minimizing the impact of a security incident is early detection and swift investigation, which requires powerful and fast forensics capabilities.

The FireEye Investigation Analysis System reveals hidden threats and accelerates incident response by adding a centralized workbench with an easy-to-use analytical interface to the FireEye Network Forensics platform, the industry’s fastest, lossless network data capture and retrieval solution. When paired together, the combination of high-performance packet capture and in-depth analytics provides a powerful complement to FireEye’s comprehensive threat prevention and detection capabilities.

Analysts obtain a fine-grained view of the specific network packets and session before, during and after the attack. Being able to reconstruct and visualize the events triggering malware download or callback enables your security team to respond effectively and swiftly to prevent future recurrent and expand the visibility of attacker activity by decoding protocols typically used to laterally spread within the network.

The FireEye Investigation Analysis System supports a number of configurations for single-node and distributed architectures to optimize bandwidth and performance of metadata aggregation, queries and analytics.


  • Visualization: view and share network metadata and activity through easy-to-create custom dashboards.
  • Fast Answers: access centralizedapplication-level wildcard queries and investigation across packet capture nodes.
  • Powerful Search: index metadata from protocols such as HTTP, SMTP, POP3, IMAP, SSL, TLS and FTP.
  • Workflow Efficiency: archive and share PCAP files with other analysts during an investigation through integrated case management.
  • IOC Aggregation and Pivoting: pivot between FireEye Network Security, Email Security and Endpoint Security product alerts from a single workbench and uncover potential correlations between IOCs to further corroborate and conduct deeper investigations across areas of the IT infrastructure that may contain evidence of an attack.


  • SIEM integration: integrate SIEM via RESTful API access to flow and metadata indices.
  • Scheduled Reporting: automatically schedule and run reports based on time intervals or event count thresholds.
  • 1-Click File Reconstruction: single-click to reconstruct suspect files quickly and safely for further analysis, or directly send the suspect payload to a FireEye Malware Analysis appliance for analysis.
  • Scale for Growth: cluster the Investigation Analysis System appliances for greater metadata storage capacity and increase search capabilities across distributed Network Forensics Platform appliances and Investigation Analysis System appliances from a single management console.

Single Investigative Workbench

People say time is money — and this is the case for forensics. The faster you answer these simple questions about a threat, the more you’ll protect your organization, customers and brand: How did the attackers get in? What did they do when they got in? Where did they go? How long have they been here? And most importantly, what specifically did they take? Accelerate the investigation process by quickly identifying the alerts that require deep investigation and narrowing your focus while centralizing networking forensics investigation from a single workbench.

Visualization and Information Sharing

A picture is worth a thousands words — and can save you precious time during an investigation. When visualization is paired with the FireEye Network Forensics platform, which captures packet data at speeds up to 20 Gbps, you have unprecedented ability to discover hidden threats. Create customized dashboards using drag-and-drop gadgets and archive and share PCAP files with other analysts using integrated case management features. Customize the dashboard with drag-and-drop gadgets enabling visualization of abnormal network activity and metadata.


Set the FireEye Investigation Analysis System to generate reports based on time or more sophisticated count-based thresholds. Use the reporting functionality to help visualize anomalous activity within the network.

Centralized Visibility Across the Network

The FireEye Investigation Analysis System aggregates metadata across the packet captures of the Network Forensics Platform and displays insights in a centralized dashboard, eliminating blind spots and creating an end-to-end view of the kill chain. This holistic view provides context and enables you to develop a comprehensive, optimal response.

Ultrafast Queries on Massive Data Sets

When a threat is imminent, waiting hours for a query response is unacceptable. The FireEye Investigation Analysis System enables ultrafast and flexible application-level searches on large data sets and across a broad array of protocols.

Model Total Onboard Storage Dimensions Power Supply/Typical Operating Load
IA 1000HN16 IA 1000HN16 16 TB16 TB 1U Rack-Mount, 1.7” x 17.2” x 27.75” (4.3 x 43.7 x 70.5 cm), 43 lbs (19.5Kg)1U Rack-Mount, 1.7” x 17.2” x 27.75” (4.3 x 43.7 x 70.5 cm), 43 lbs (19.5Kg)1280W high efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto ranging1280W high efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto ranging
IA 2000HN48 IA 2000HN48 48 TB48 TB 2U Rack-Mount 3.5” x 17.2” x 25.5” (8.9 x 43.7 x 64.8 cm) 52 lbs (23.6 Kg)2U Rack-Mount 3.5” x 17.2” x 25.5” (8.9 x 43.7 x 64.8 cm) 52 lbs (23.6 Kg) 750W High Efficiency (1+1) redundant AC power 100-240 VAC 60-50 Hz auto ranging750W High Efficiency (1+1) redundant AC power 100-240 VAC 60-50 Hz auto ranging

Ready to get started?

Ask about FireEye solutions, implementation or anything else. Our security experts are standing by, ready to answer your questions.

+1 877-347-3393