feature capture
Overview Use Traffic for real-time network visibility and anomaly investigation on desktop. Start capture during analysis windows, inspect suspicious sessions deeply, and dismiss only validated benign activity.
Description: Use Sunburst for live macro traffic awareness. Start capture, filter by protocol/status, and drill into suspicious clusters.
Start/Stop Capture
- Start/stop capture intentionally during investigation windows and confirm prerequisites first.
ML Anomaly Detection - Extended Isolation Forest
- Treat anomaly scores as triage signals, not verdicts: a high score says a flow is unusual, not that it is malicious. Validate the context (process, destination, timing) before taking action.
Whitelist Profiles - Expected Traffic
- Use whitelist profiles to encode expected traffic and reduce false positives safely.
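The two points above, anomaly scores as a triage signal and whitelist profiles that remove expected traffic from the queue, are shown together in the following added example. It is not code from this project: it is a small Extended Isolation Forest (random hyperplane splits rather than single-axis splits, scores normalised by the usual c(n) factor) run over constructed flow records, followed by a profile keyed on process and destination port. The flow tuples, process names, ports and the WHITELIST contents are all hypothetical.

```python
import math
import random

EULER_GAMMA = 0.5772156649015329

def make_flows(seed=7):
    """Constructed sample flows: (process, dst_port, bytes_out, bytes_in, duration_s).
    Hypothetical data generated in-line so the example runs offline; not real traffic."""
    rng = random.Random(seed)
    flows = []
    for _ in range(30):                                   # browser sessions over HTTPS
        flows.append(("chrome", 443, rng.randint(800, 20000),
                      rng.randint(5000, 200000), round(rng.uniform(0.1, 5.0), 2)))
    for _ in range(8):                                    # DNS lookups
        flows.append(("systemd-resolved", 53, rng.randint(60, 120),
                      rng.randint(100, 400), round(rng.uniform(0.01, 0.2), 3)))
    flows.append(("curl", 80, 300, 2400, 0.3))            # one-off, not in any profile
    flows.append(("backup-agent", 443, 50_000_000, 5_000, 900.0))  # expected nightly upload
    flows.append(("updater", 4444, 80_000_000, 0, 3600.0))         # the one worth a look
    return flows

def features(flow):
    _, port, out_b, in_b, dur = flow
    return [float(port), float(out_b), float(in_b), float(dur)]

def minmax_scale(rows):
    """Scale each column to [0, 1] so byte counts do not dominate the hyperplanes."""
    dim = len(rows[0])
    lo = [min(r[j] for r in rows) for j in range(dim)]
    hi = [max(r[j] for r in rows) for j in range(dim)]
    return [[(r[j] - lo[j]) / ((hi[j] - lo[j]) or 1.0) for j in range(dim)] for r in rows]

def c_factor(n):
    """Average path length of an unsuccessful BST search on n points (depth normaliser)."""
    if n <= 1:
        return 0.0
    return 2.0 * (math.log(n - 1) + EULER_GAMMA) - 2.0 * (n - 1) / n

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def build_tree(X, depth, max_depth, rng):
    """Extended Isolation Forest node: split on a random hyperplane, not a single axis."""
    n = len(X)
    if depth >= max_depth or n <= 1:
        return {"size": n}
    dim = len(X[0])
    normal = [rng.gauss(0.0, 1.0) for _ in range(dim)]
    # intercept point drawn uniformly inside this node's bounding box
    point = [rng.uniform(min(x[j] for x in X), max(x[j] for x in X)) for j in range(dim)]
    thresh = dot(normal, point)
    left = [x for x in X if dot(x, normal) <= thresh]
    right = [x for x in X if dot(x, normal) > thresh]
    if not left or not right:                             # degenerate split: stop here
        return {"size": n}
    return {"size": n, "normal": normal, "thresh": thresh,
            "left": build_tree(left, depth + 1, max_depth, rng),
            "right": build_tree(right, depth + 1, max_depth, rng)}

def path_length(node, x, depth=0):
    if "normal" not in node:
        return depth + c_factor(node["size"])
    child = node["left"] if dot(x, node["normal"]) <= node["thresh"] else node["right"]
    return path_length(child, x, depth + 1)

def eif_scores(rows, n_trees=200, seed=1):
    """Anomaly score in (0, 1): close to 1 means the point is isolated in very few splits."""
    rng = random.Random(seed)
    n = len(rows)
    max_depth = math.ceil(math.log2(n))
    forest = [build_tree(rows, 0, max_depth, rng) for _ in range(n_trees)]
    norm = c_factor(n)
    return [2.0 ** (-(sum(path_length(t, x) for t in forest) / n_trees) / norm) for x in rows]

# Whitelist profile: expected (process, dst_port) pairs. Keyed on process AND port on
# purpose: a process-only entry for "updater" would also hide its 4444 connection, and a
# port-only entry for 443 would hide anything that happens to use HTTPS.
WHITELIST = frozenset({("chrome", 443), ("systemd-resolved", 53), ("backup-agent", 443)})

def is_expected(flow, profile=WHITELIST):
    return (flow[0], flow[1]) in profile

def triage_queue(flows, profile=WHITELIST, n_trees=200, seed=1):
    """Score every flow, then drop profiled traffic; what is left is the work queue."""
    scores = eif_scores(minmax_scale([features(f) for f in flows]), n_trees, seed)
    ranked = sorted(zip(scores, flows), key=lambda p: p[0], reverse=True)
    return [(round(s, 3), f) for s, f in ranked if not is_expected(f, profile)]

if __name__ == "__main__":
    for score, flow in triage_queue(make_flows()):
        print(f"{score:.3f}  {flow}")
```

The backup-agent upload scores as highly anomalous as the updater's long-lived connection to port 4444, which is exactly the false positive a profile exists to absorb; the profile removes it from the queue without touching the score, so the model output stays available if the profile is later questioned.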
Description: Use Sessions for forensic-level review of individual connections. Inspect details deeply before deciding to dismiss or escalate.
Session Details - Deep Inspection
- Use deep session details to confirm who connected (user and executable), to what (remote address and port) and how it was launched (parent process) before deciding to dismiss or escalate.
Dismiss - Mark Session as Safe
- Dismiss only sessions positively verified as legitimate, and prefer narrow dismissal scope.
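The following added example (not the project's own code) shows why dismissal scope matters. A Session carries the who/what/how fields that deep inspection should answer, and a Dismissal records exactly which combination of executable, remote address and port a "mark as safe" decision covers. The sessions, paths and addresses are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Session:
    ts: str
    user: str
    exe: str            # full path of the connecting binary
    pid: int
    parent_exe: str
    remote_ip: str
    remote_port: int
    bytes_out: int

@dataclass(frozen=True)
class Dismissal:
    """A 'mark as safe' decision and the scope it covers. None means 'any value'."""
    exe: Optional[str]
    remote_ip: Optional[str]
    remote_port: Optional[int]
    reason: str

    def matches(self, s: Session) -> bool:
        return ((self.exe is None or self.exe == s.exe)
                and (self.remote_ip is None or self.remote_ip == s.remote_ip)
                and (self.remote_port is None or self.remote_port == s.remote_port))

def inspect(s: Session) -> dict:
    """The three questions to answer before dismissing: who, to what, and launched how."""
    return {
        "who": f"{s.user} via {s.exe} (pid {s.pid})",
        "to_what": f"{s.remote_ip}:{s.remote_port}, {s.bytes_out} bytes out",
        "launched_by": s.parent_exe,
    }

def remaining(sessions, dismissals):
    """Sessions still needing a decision after the given dismissals are applied."""
    return [s for s in sessions if not any(d.matches(s) for d in dismissals)]

# Constructed sessions (hypothetical users, paths and TEST-NET addresses).
SESSIONS = [
    Session("09:01:10", "alice", "/usr/bin/google-chrome", 4112,
            "/usr/bin/gnome-shell", "203.0.113.10", 443, 18_400),
    Session("09:01:12", "alice", "/usr/bin/google-chrome", 4112,
            "/usr/bin/gnome-shell", "203.0.113.10", 443, 2_900),
    Session("09:14:55", "alice", "/usr/bin/python3", 5380,
            "/usr/bin/bash", "203.0.113.10", 443, 6_200_000),
]

# Narrow: this binary, this destination, this port. A later connection from a
# different program to the same host still has to be reviewed.
NARROW = Dismissal("/usr/bin/google-chrome", "203.0.113.10", 443,
                   "browser traffic to the CDN, verified with the user")

# Broad: any process, any port, as long as the destination host matches. Convenient,
# but it also silences the 6 MB python3 upload to the same host.
BROAD = Dismissal(None, "203.0.113.10", None, "CDN host is known")

if __name__ == "__main__":
    for s in remaining(SESSIONS, [NARROW]):
        print("still open:", inspect(s))
    print("open after broad dismissal:", len(remaining(SESSIONS, [BROAD])))
```

With the narrow dismissal the two browser sessions disappear and the python3 session, launched from a shell and sending far more data, stays in the queue; with the broad one nothing is left to review.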
Description: Use this view to baseline network behavior by application. Investigate processes with unusual volume or unexpected destinations.
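One way to turn "unusual volume or unexpected destinations" into a concrete check, added here as an example rather than taken from the project: a per-process baseline of median and MAD of bytes sent plus the set of destinations seen, and a review function that reports why a new session deviates. The session history, process names and thresholds (z_limit, min_history) are constructed assumptions.

```python
import statistics

# Constructed history: (process, dst_ip, bytes_out) per session. Hypothetical values.
HISTORY = [
    ("chrome", "203.0.113.10", 14_000), ("chrome", "203.0.113.10", 22_000),
    ("chrome", "203.0.113.11", 9_500),  ("chrome", "203.0.113.11", 31_000),
    ("chrome", "203.0.113.12", 18_000), ("chrome", "203.0.113.10", 26_500),
    ("chrome", "203.0.113.12", 12_000), ("chrome", "203.0.113.11", 20_000),
    ("slack", "198.51.100.5", 4_000),   ("slack", "198.51.100.5", 5_200),
    ("slack", "198.51.100.5", 3_800),   ("slack", "198.51.100.6", 4_600),
]

def build_baseline(history):
    """Per-process median and MAD of bytes_out plus the set of destinations seen."""
    per = {}
    for proc, dst, b in history:
        entry = per.setdefault(proc, {"bytes": [], "dests": set()})
        entry["bytes"].append(b)
        entry["dests"].add(dst)
    base = {}
    for proc, e in per.items():
        med = statistics.median(e["bytes"])
        mad = statistics.median(abs(b - med) for b in e["bytes"])
        base[proc] = {"median": med, "mad": mad,
                      "dests": frozenset(e["dests"]), "n": len(e["bytes"])}
    return base

def robust_z(value, median, mad):
    # 1.4826 * MAD estimates sigma for normal data; a MAD of 0 (identical values) falls
    # back to 1 byte so a deviation still registers instead of dividing by zero.
    return abs(value - median) / (1.4826 * mad if mad else 1.0)

def review_reasons(session, base, z_limit=6.0, min_history=5):
    """Why this session deserves a look; an empty list means it fits the baseline."""
    proc, dst, b = session
    if proc not in base:
        return ["process never seen before"]
    e = base[proc]
    reasons = []
    if e["n"] < min_history:
        reasons.append(f"only {e['n']} prior sessions, baseline is weak")
    z = robust_z(b, e["median"], e["mad"])
    if z > z_limit:
        reasons.append(f"volume {b} bytes is {z:.1f} robust sigmas from median {e['median']:.0f}")
    if dst not in e["dests"]:
        reasons.append(f"destination {dst} not in baseline")
    return reasons

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for s in [("chrome", "203.0.113.10", 400_000_000),
              ("chrome", "192.0.2.77", 15_000),
              ("nc", "192.0.2.9", 10)]:
        print(s, "->", review_reasons(s, base))
```

Median and MAD are used instead of mean and standard deviation so that one earlier large transfer does not inflate the baseline and hide the next one; the min_history guard keeps a process with four sessions from being judged as confidently as one with hundreds.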
Description: Use anomaly history as your investigation queue. Work recent abnormal events first and dismiss only with supporting evidence.
Description: Use File Events to detect unauthorized file modifications, credential harvesting, and supply chain tampering. Filter for sensitive events to focus on security-critical changes.
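The "filter for sensitive events" step, as an added example that is not the project's code: file events are matched against path patterns grouped by what they indicate (credential material, supply-chain inputs, system integrity), and each group only fires on the operations that matter for it, so reading a key file counts as a harvesting signal while only writing a lockfile counts as tampering. The pattern lists and the event records are constructed for the example and would be tuned per environment.

```python
from fnmatch import fnmatchcase

# Sensitive path patterns; fnmatch's "*" also matches "/", which is what we want for
# "everything under this directory". The ops tuple lists the operations each category cares about.
SENSITIVE = [
    # credential material: reading it is the harvesting signal, writing it is also of interest
    ("credential", ("read", "write"), [
        "/home/*/.ssh/*", "/root/.ssh/*", "/home/*/.aws/credentials",
        "/home/*/.git-credentials", "/etc/shadow", "*.pem", "*/.env",
    ]),
    # supply chain: a write to these changes what gets built, installed or run in CI
    ("supply_chain", ("write", "rename", "delete"), [
        "*/package-lock.json", "*/yarn.lock", "*/requirements.txt", "*/go.sum",
        "*/Cargo.lock", "*/.github/workflows/*", "*/setup.py", "*/Makefile",
    ]),
    # persistence and system integrity
    ("system", ("write", "rename", "delete"), [
        "/etc/ld.so.preload", "/etc/cron*", "/etc/systemd/system/*",
        "/usr/bin/*", "/usr/sbin/*", "/home/*/.bashrc", "/home/*/.profile",
    ]),
]

def classify(path, op):
    """Return the categories a (path, op) pair falls into, or [] if it is not sensitive."""
    return [name for name, ops, patterns in SENSITIVE
            if op in ops and any(fnmatchcase(path, p) for p in patterns)]

def sensitive_events(events):
    """Keep only events that touch a sensitive path with a relevant op, tagged by category."""
    out = []
    for ts, proc, op, path in events:
        cats = classify(path, op)
        if cats:
            out.append((ts, proc, op, path, cats))
    return out

# Constructed events: (ts, process, op, path). Hypothetical, built for this example.
EVENTS = [
    ("10:02:01", "/usr/bin/code", "write", "/home/alice/proj/src/main.py"),
    ("10:02:05", "/usr/bin/python3", "read", "/home/alice/.aws/credentials"),
    ("10:02:09", "/usr/bin/npm", "write", "/home/alice/proj/package-lock.json"),
    ("10:02:11", "/usr/bin/ssh", "read", "/home/alice/.ssh/id_ed25519"),
    ("10:03:40", "/tmp/.x/installer", "write", "/etc/ld.so.preload"),
    ("10:03:42", "/usr/bin/cat", "read", "/home/alice/proj/README.md"),
    ("10:04:00", "/usr/bin/git", "read", "/home/alice/proj/.github/workflows/ci.yml"),
]

if __name__ == "__main__":
    for ev in sensitive_events(EVENTS):
        print(ev)
```

The filter is a focus step, not a verdict: ssh reading its own key is expected, python3 reading the AWS credentials file and an installer under /tmp writing /etc/ld.so.preload are the ones to open first. Which process touched the path is the context that decides, which is why the process is carried through rather than matched on.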
This page was automatically generated from feature definitions.