Introducing Access Filters

March 3, 2024 · 2 min read

Spider introduces its nex 'Access filters' feature to restrict data access within the captured data.

Concept

Previously, any user having access to a Whisperer could see all data captured.
Now, you may restrict access to captured data:

Enable each view - HTTP, TCP, PACKET - independently,
Restrict accessible data with a specific filter
Remove the HTTP headers you do not want to expose to certain users
Remove access to the HTTP payloads
- Useful to get access to statistics and patterns without having access to confidential data
Define a set of filters as default for new team members

Production
- Give production data access to developers without leaking credentials
- Give production statistics and behavior access to developers without giving data access (and leaking PII)
- Allow high level data access without giving low level access
- Allow restricted access in production to a product squad in order to check or troubleshoot a new deployment
Integration
- Create restricted access accounts with predefined filters for 3rd party integration campaign

These use cases are described in the documentation.

It is integrated within the Team feature
Team administrators may define as many Access filters as they need
- They associate filters to Whisperers and Users
When selecting a Team to get its access, the filters are injected in the newly generated security token.
The filters are applied on all API used to retrieve captured data.

Access Filter are created and managed in Team Access filters tab:

Edit form:

Managing existing filters:

Access filters in User profile:

When a user associated to Access Filters selects one of the filter Whisperers, a badge is displayed next to the Team and Whisperer badges:

It tells what filter applied, and shows a lock icon, indicating that the filters cannot be removed.
A tooltip explains the filters applied.

Do you like this new feature? Any comment?
Send me a mail, or a support ticket :)