
feature capture

EDAMAME Dev edited this page Feb 10, 2026 · 12 revisions

Traffic


Feature: capture

Traffic

Overview

Use Traffic for real-time network visibility and anomaly investigation on desktop. Start capture during analysis windows, inspect suspicious sessions deeply, and dismiss only validated benign activity.

⚙️ Sub-Features

1. 🔧 Sunburst – Live Traffic Visualization

Description: Use Sunburst for live macro traffic awareness. Start capture, filter by protocol/status, and drill into suspicious clusters.



Screenshot of Sunburst – Live Traffic Visualization - Multi-pane layout showing list and detail views


UI Elements & Data

  • Start/Stop Capture

    • Start/stop capture intentionally during investigation windows and confirm prerequisites first.
  • ML Anomaly Detection – Extended Isolation Forest

    • Treat anomaly scores as triage signals, then validate context before taking action.
  • Whitelist Profiles – Expected Traffic

    • Use whitelist profiles to encode expected traffic and reduce false positives safely.

2. 🔧 Sessions – Connection Details Table

Description: Use Sessions for forensic-level review of individual connections. Inspect details deeply before deciding to dismiss or escalate.



Screenshot of Sessions – Connection Details Table - Multi-pane layout showing list and detail views


UI Elements & Data

  • Session Details – Deep Inspection

    • Use deep session details to confirm who connected, to what, and why before decisions.
  • Dismiss – Mark Session as Safe

    • Dismiss only sessions positively verified as legitimate, and prefer narrow dismissal scope.

3. 🔧 Processes – Per-Application Traffic

Description: Use this view to baseline network behavior by application. Investigate processes with unusual volume or unexpected destinations.



Screenshot of Processes – Per-Application Traffic



4. 🔧 Anomaly history – Flagged Sessions

Description: Use anomaly history as your investigation queue. Work recent abnormal events first and dismiss only with supporting evidence.



Screenshot of Anomaly history – Flagged Sessions - Multi-pane layout showing list and detail views




This page was automatically generated from feature definitions.
