The first network forensics appliance dedicated to security investigations.

Request a Price


Savvius Vigil automates the collection of network traffic needed for security investigations, both reducing the likelihood of a breach, minimizing their impact. Even breaches not discovered for months can be effectively investigated using Vigil. Savvius Vigil, which integrates with all leading IDS/IPS systems, includes Omnipeek, award-winning network forensics software.

How Vigil Works

Savvius Vigil integrates with your existing SIEM/IDS/IPS capabilities to intelligently determine what network traffic is relevant for breach investigations. Vigil continuously collects all network packets and only stores traffic associated with security alerts, discarding unassociated packets. The device also supports feeds from multiple sources simultaneously. Vigil captures the critical packets that led up to the alert being triggered, from up to 5 minutes before the alert, showing the original cause of a potential breach. You can also configure Vigil to store all packets based on specified IPs, ports or protocols, all the time, to provide insight into attacks that IDS/IPS solutions miss. And if you suspect an attack is ongoing, you can initiate a full packet capture with a single click, including up to 5 minutes of packet history.

System Specs


  • 96TB of Storage
  • 4 port 1/10G Network Adapter
  • 2U Rack Mountable


  • Savvius Vigil software for monitoring and forensics
  • Monitoring dashboard with overview, storage use, and event management
  • Security Forensics capability, including hierarchical search by date, event, IP address, severity, etc.

Supported IDS/IPS

  • HP Arcsight
  • Checkpoint
  • Cisco FirePOWER
  • Sophos Cyberoam
  • Fortinet
  • IBM QRadar
  • Lancope Stealthwatch by Cisco
  • McAfee Enterprise Security Manager
  • Palo Alto
  • Snort
  • Suricata