feature system

EDAMAME Dev edited this page Jun 23, 2026 · 2 revisions


Feature: system

🔐 System

Overview

Use System for real-time network visibility, file-event review, and anomaly investigation on desktop. Start capture during analysis windows, inspect suspicious sessions deeply, and review sensitive file changes before dismissing activity as benign.

⚙️ Sub-Features

1. 🔧 Sunburst – Live Network Visualization

Description: Use Sunburst for live macro traffic awareness. Start capture, filter by protocol/status, and drill into suspicious clusters.



Screenshot of Sunburst – Live Network Visualization - Multi-pane layout showing list and detail views


Start/Stop Capture

Start/stop capture intentionally during investigation windows and confirm prerequisites first.

ML Anomaly Detection – Extended Isolation Forest

Treat anomaly scores as triage signals, then validate context before taking action.

Whitelist Profiles – Expected Traffic

Use whitelist profiles to encode expected traffic and reduce false positives safely.


2. 🔧 Sessions – Connection Details Table

Description: Use Sessions for forensic-level review of individual connections. Inspect details deeply before deciding to dismiss or escalate.



Screenshot of Sessions – Connection Details Table - Multi-pane layout showing list and detail views


Session Details – Deep Inspection

Use deep session details to confirm who connected, to what, and why before decisions.

Dismiss – Mark Session as Safe

Dismiss only sessions positively verified as legitimate, and prefer narrow dismissal scope.


3. 🔧 Processes – Per-Application Traffic

Description: Use this view to baseline network behavior by application. Investigate processes with unusual volume or unexpected destinations.


Screenshot of Processes – Per-Application Traffic



4. 🔧 Anomaly history – Flagged Sessions

Description: Use anomaly history as your investigation queue. Work recent abnormal events first and dismiss only with supporting evidence.



Screenshot of Anomaly history – Flagged Sessions - Multi-pane layout showing list and detail views



5. 🔧 File Events – File Integrity Monitoring

Description: Use File Events to detect unauthorized file modifications, credential harvesting, and supply chain tampering. Filter for sensitive events to focus on security-critical changes.



Screenshot of File Events – File Integrity Monitoring - Multi-pane layout showing list and detail views



This page was automatically generated from feature definitions.