
feature capture

EDAMAME Dev edited this page Apr 5, 2026 · 12 revisions

Traffic


Feature: capture

πŸ” Traffic

Overview

Use Traffic for real-time network visibility and anomaly investigation on desktop. Start capture during analysis windows, inspect suspicious sessions in depth, and dismiss only activity that has been validated as benign.

βš™οΈ Sub-Features

1. 🔧 Sunburst – Live Traffic Visualization

Description: Use Sunburst for live macro traffic awareness. Start capture, filter by protocol/status, and drill into suspicious clusters.

πŸ“ UI Elements & Data

  • Start/Stop Capture

    • Start and stop capture deliberately, within an investigation window, and confirm the prerequisites first: the packet-capture driver and the elevated privileges capture requires.
  • ML Anomaly Detection – Extended Isolation Forest

    • Treat anomaly scores as triage signals, then validate context before taking action.
  • Whitelist Profiles – Expected Traffic

    • Use whitelist profiles to encode expected traffic and reduce false positives safely.
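The page names Extended Isolation Forest as the anomaly detector behind the Sunburst view and says its scores are triage signals. The block below is an added example, not EDAMAME's code: a minimal pure-Python Extended Isolation Forest (random-hyperplane splits rather than axis-aligned cuts) run over constructed session feature vectors. The feature layout (log10 bytes out, log10 bytes in, log10 duration, non-standard-port flag), the session records and the 0.6 triage threshold are assumptions chosen for illustration. The two outliers are deliberately ambiguous: a huge upload on port 8443 is what exfiltration looks like and also what a backup job looks like, which is exactly why a high score opens an investigation rather than closing one.

```python
"""Extended Isolation Forest (EIF) scoring of session feature vectors.

Added example, not EDAMAME code: a minimal pure-Python EIF (random-hyperplane
splits) run over constructed sessions. The feature layout, the session records
and the triage threshold are assumptions for illustration.
"""
import math
import random

EULER_GAMMA = 0.5772156649


def c_factor(n: int) -> float:
    """Expected path length of an unsuccessful BST search over n points; normalises depths."""
    if n <= 1:
        return 0.0
    if n == 2:
        return 1.0
    return 2.0 * (math.log(n - 1) + EULER_GAMMA) - 2.0 * (n - 1) / n


def side(point, normal, intercept) -> float:
    """Signed distance of point from the hyperplane defined by (intercept, normal)."""
    return sum((point[d] - intercept[d]) * normal[d] for d in range(len(point)))


def build_tree(points, depth, limit, rng):
    """EIF tree: each split is a random hyperplane through a random point of the
    current bounding box, so cuts are not axis-aligned (the 'extended' part)."""
    if len(points) <= 1 or depth >= limit:
        return {"size": len(points)}
    dims = len(points[0])
    lo = [min(p[d] for p in points) for d in range(dims)]
    hi = [max(p[d] for p in points) for d in range(dims)]
    normal = [rng.gauss(0.0, 1.0) for _ in range(dims)]
    intercept = [rng.uniform(lo[d], hi[d]) for d in range(dims)]
    left = [p for p in points if side(p, normal, intercept) <= 0]
    right = [p for p in points if side(p, normal, intercept) > 0]
    return {"normal": normal, "intercept": intercept,
            "left": build_tree(left, depth + 1, limit, rng),
            "right": build_tree(right, depth + 1, limit, rng)}


def path_length(point, node, depth=0) -> float:
    if "size" in node:
        return depth + c_factor(node["size"])
    nxt = node["left"] if side(point, node["normal"], node["intercept"]) <= 0 else node["right"]
    return path_length(point, nxt, depth + 1)


class ExtendedIsolationForest:
    def __init__(self, n_trees=100, sample_size=64, seed=0):
        self.n_trees, self.sample_size, self.seed = n_trees, sample_size, seed
        self.trees, self.psi = [], 0

    def fit(self, points):
        rng = random.Random(self.seed)
        self.psi = min(self.sample_size, len(points))
        limit = math.ceil(math.log2(self.psi))  # usual depth cap for isolation trees
        self.trees = [build_tree(rng.sample(points, self.psi), 0, limit, rng)
                      for _ in range(self.n_trees)]
        return self

    def score(self, point) -> float:
        """Anomaly score in (0, 1): a short average path means easy to isolate, so closer to 1."""
        mean_path = sum(path_length(point, t) for t in self.trees) / len(self.trees)
        return 2.0 ** (-mean_path / c_factor(self.psi))


def constructed_sessions(n_normal=60, seed=1):
    """Constructed sample. Features per session: log10 bytes out, log10 bytes in,
    log10 duration in seconds, 1.0 if the destination port is non-standard."""
    rng = random.Random(seed)
    sessions = [{"process": "browser", "dst": f"203.0.113.{i % 20 + 1}:443",
                 "features": (rng.uniform(3.0, 4.0), rng.uniform(4.0, 5.2), rng.uniform(0.0, 1.5), 0.0)}
                for i in range(n_normal)]
    # ~40 GB out on a non-standard port: what exfiltration looks like, and also what a backup job looks like.
    sessions.append({"process": "backup-agent", "dst": "198.51.100.7:8443", "features": (10.6, 2.5, 3.6, 1.0)})
    # Hours-long, low-volume session on an unusual port: beacon-shaped, or a long-polling updater.
    sessions.append({"process": "updater", "dst": "192.0.2.9:4444", "features": (2.3, 2.1, 4.2, 1.0)})
    return sessions


def triage(sessions, threshold=0.6, seed=0):
    """Score every session and return those at or above threshold, highest first.
    The order is an investigation queue; each entry still needs context before action."""
    forest = ExtendedIsolationForest(seed=seed).fit([s["features"] for s in sessions])
    for s in sessions:
        s["score"] = forest.score(s["features"])
    return sorted((s for s in sessions if s["score"] >= threshold), key=lambda s: -s["score"])


if __name__ == "__main__":
    for s in triage(constructed_sessions()):
        print(f"{s['score']:.2f}  {s['process']:<13} {s['dst']}")
```

The score only says "this session is easy to separate from the rest"; it cannot tell the backup agent from an exfiltration tool. That context (is this process supposed to talk to that destination, at that volume, at that time?) is what the Sessions and Processes views are for.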

2. 🔧 Sessions – Connection Details Table

Description: Use Sessions for forensic-level review of individual connections. Inspect details deeply before deciding to dismiss or escalate.

πŸ“ UI Elements & Data

  • Session Details – Deep Inspection

    • Use deep session details to confirm who connected, to what, and why before decisions.
  • Dismiss – Mark Session as Safe

    • Dismiss only sessions positively verified as legitimate, and prefer narrow dismissal scope.

3. 🔧 Processes – Per-Application Traffic

Description: Use this view to baseline network behavior by application. Investigate processes with unusual volume or unexpected destinations.
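Three of the points above share one mechanism: whitelist profiles encode expected traffic (Sunburst), a dismissal should be as narrow as the thing actually verified (Sessions), and the Processes view is a per-application baseline in which an unexpected destination is simply a session no rule covers. The block below is an added example, not EDAMAME's whitelist format or code: the profile schema (fnmatch globs on process name and destination host, exact port and protocol), the session records and the dismissal semantics are assumptions for illustration.

```python
"""Whitelist profiles, per-process destination baselines and narrow dismissals.

Added example, not EDAMAME code: the profile schema, the session records and
the dismissal semantics below are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Session:
    process: str
    dst_host: str      # resolved name when known, otherwise the IP literal
    dst_port: int
    protocol: str      # "tcp" or "udp"
    bytes_out: int

    def key(self):
        """The narrowest thing a dismissal should refer to: this exact process/destination tuple."""
        return (self.process, self.dst_host, self.dst_port, self.protocol)


# Constructed profile: the traffic expected from each process on this host.
PROFILE = {
    "name": "dev-workstation",
    "rules": [
        {"process": "firefox",      "host": "*",                  "port": 443,  "protocol": "tcp"},
        {"process": "git",          "host": "github.com",         "port": 443,  "protocol": "tcp"},
        {"process": "git",          "host": "*.github.com",       "port": 443,  "protocol": "tcp"},
        {"process": "*",            "host": "ntp.example.org",    "port": 123,  "protocol": "udp"},
        {"process": "backup-agent", "host": "backup.example.org", "port": 8443, "protocol": "tcp"},
    ],
}


def rule_matches(rule, s: Session) -> bool:
    return (fnmatchcase(s.process, rule["process"])
            and fnmatchcase(s.dst_host, rule["host"])
            and s.dst_port == rule["port"]
            and s.protocol == rule["protocol"])


def is_expected(profile, s: Session) -> bool:
    return any(rule_matches(r, s) for r in profile["rules"])


def classify(sessions, profile, dismissed):
    """'expected' = covered by the profile; 'dismissed' = an analyst verified this exact
    tuple; everything else is 'review'. A dismissal never widens to a whole process."""
    out = {}
    for s in sessions:
        if is_expected(profile, s):
            out[s] = "expected"
        elif s.key() in dismissed:
            out[s] = "dismissed"
        else:
            out[s] = "review"
    return out


def unexpected_by_process(sessions, profile, dismissed):
    """Per-application view: destinations still needing review, with outbound volume."""
    view = defaultdict(lambda: {"destinations": set(), "bytes_out": 0})
    for s, status in classify(sessions, profile, dismissed).items():
        if status == "review":
            view[s.process]["destinations"].add(f"{s.dst_host}:{s.dst_port}/{s.protocol}")
            view[s.process]["bytes_out"] += s.bytes_out
    return dict(view)


# Constructed sessions, as the Sessions table might list them.
SESSIONS = [
    Session("firefox", "example.com", 443, "tcp", 12_000),
    Session("git", "api.github.com", 443, "tcp", 3_000),
    Session("git", "gitlab.example.net", 22, "tcp", 900),                  # no rule covers this
    Session("backup-agent", "backup.example.org", 8443, "tcp", 40_000_000_000),
    Session("backup-agent", "198.51.100.7", 8443, "tcp", 41_000_000_000),  # right port, wrong destination
    Session("curl", "192.0.2.9", 4444, "tcp", 500),
    Session("curl", "192.0.2.9", 4445, "tcp", 500),
]


def demo():
    dismissed = set()
    before = classify(SESSIONS, PROFILE, dismissed)
    # The analyst checks the curl:4444 session, finds it legitimate, and dismisses exactly that tuple.
    dismissed.add(SESSIONS[5].key())
    after = classify(SESSIONS, PROFILE, dismissed)
    return before, after, unexpected_by_process(SESSIONS, PROFILE, dismissed)


if __name__ == "__main__":
    before, after, queue = demo()
    for s in SESSIONS:
        print(f"{before[s]:>9} -> {after[s]:<9} {s.process} {s.dst_host}:{s.dst_port}")
    print(queue)
```

Note what the narrow dismissal buys: the sibling curl session to port 4445 stays in the queue, and the backup agent's second upload to an address outside its rule stays in the queue even though the port matches. If the analyst concludes a destination is legitimately part of a process's normal behaviour, the durable fix is a new profile rule, not a broader dismissal.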


4. 🔧 Anomaly History – Flagged Sessions

Description: Use anomaly history as your investigation queue. Work recent abnormal events first and dismiss only with supporting evidence.


5. 🔧 File Events – File Integrity Monitoring

Description: Use File Events to detect unauthorized file modifications, credential harvesting, and supply chain tampering. Filter for sensitive events to focus on security-critical changes.
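The core of file integrity monitoring is a hashed baseline, a diff against it, and a filter that keeps the security-critical changes (credential stores, supply-chain inputs, privileged system files) separate from ordinary churn. The block below is an added example, not EDAMAME's File Events implementation: the snapshot format, the sensitive-path patterns and the throwaway directory tree it tampers with are assumptions for illustration.

```python
"""File integrity monitoring with a sensitivity filter.

Added example, not EDAMAME's File Events implementation: the snapshot format,
the sensitive-path patterns and the throwaway directory tree are assumptions.
"""
import hashlib
import os
import tempfile
from fnmatch import fnmatchcase

# Paths whose change is security-critical. Matched against "/" + path relative to the
# monitored root, so the same list serves a home directory and the filesystem root.
SENSITIVE_PATTERNS = [
    "*/.ssh/*", "*/.aws/credentials", "*/.netrc", "*/.gnupg/*",        # credential stores
    "*/package-lock.json", "*/requirements.txt", "*/Cargo.lock",       # supply-chain inputs
    "*/.git/hooks/*", "*/node_modules/*/package.json",
    "/etc/passwd", "/etc/shadow", "/etc/sudoers*", "/etc/ld.so.preload",
]


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str) -> dict:
    """Map relative POSIX-style path -> (sha256, permission bits) for every regular file."""
    state = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # a symlink's target is recorded by its own entry if it lies inside root
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            state[rel] = (sha256_file(full), os.stat(full).st_mode & 0o777)
    return state


def diff(before: dict, after: dict) -> list:
    """Ordered list of (event, path) between two snapshots."""
    events = []
    for p in sorted(set(before) | set(after)):
        if p not in before:
            events.append(("created", p))
        elif p not in after:
            events.append(("deleted", p))
        elif before[p][0] != after[p][0]:
            events.append(("modified", p))
        elif before[p][1] != after[p][1]:
            events.append(("mode_changed", p))
    return events


def is_sensitive(rel_path: str) -> bool:
    return any(fnmatchcase("/" + rel_path, pat) for pat in SENSITIVE_PATTERNS)


def sensitive_events(before: dict, after: dict) -> list:
    return [(kind, p) for kind, p in diff(before, after) if is_sensitive(p)]


def demo():
    """Baseline a throwaway tree, tamper with it, and return (all events, sensitive events)."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as f:
                f.write(text)

        # Constructed baseline content.
        write(".ssh/authorized_keys", "ssh-ed25519 AAAAexamplekey user@laptop\n")
        write("project/package-lock.json", '{"name": "app", "lockfileVersion": 3}\n')
        write("project/README.md", "# app\n")
        before = snapshot(root)
        # Tamper: extra SSH key (persistence), lockfile swap (supply chain), a dropped AWS
        # credentials file (harvesting target), and a docs edit that is only noise.
        write(".ssh/authorized_keys", "ssh-ed25519 AAAAexamplekey user@laptop\nssh-ed25519 BBBBintruderkey intruder\n")
        write("project/package-lock.json", '{"name": "app", "lockfileVersion": 3, "packages": {"evil-dep": {}}}\n')
        write(".aws/credentials", "[default]\naws_access_key_id = EXAMPLE\n")
        write("project/README.md", "# app\n\nNow with docs.\n")
        after = snapshot(root)
        return diff(before, after), sensitive_events(before, after)


if __name__ == "__main__":
    all_events, flagged = demo()
    for kind, p in all_events:
        print(f"{'!' if (kind, p) in flagged else ' '} {kind:<12} {p}")
```

The README edit is reported but not flagged; the three flagged events are the ones an analyst should open first. A baseline taken from a system that is already compromised will silently bless the compromise, so the first snapshot should come from a known-good state.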

This page was automatically generated from feature definitions.
