
156 posts tagged with "features"


URL decoding of HTTP request URL parts

· One min read

A small change, but one that makes Spider much easier to use:

  • The URI, query string, and hash parts of HTTP requests are automatically URL decoded in the Spider resource.
    • You can now search without all the %2B and such.
    • Query strings are also displayed better, both in the grid and in the detail panel.
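
To illustrate the decoding described above, here is an added example (not Spider's own code) that splits a raw request target into path, query string and hash before decoding each part exactly once. The names `safeDecode` and `decodeRequestTarget` and the sample URL are assumptions made for the illustration.

```javascript
// Added illustration, not Spider's code: decode the parts of a request target.
// safeDecode / decodeRequestTarget are hypothetical names.

// Decode once; a malformed escape such as "%zz" makes decodeURIComponent
// throw URIError, so keep the raw text rather than lose the request.
function safeDecode(s) {
  try {
    return decodeURIComponent(s);
  } catch (e) {
    return s;
  }
}

function decodeRequestTarget(raw) {
  // Split on the RAW string first: an encoded delimiter (%3F, %26, %3D, %23)
  // inside a value must not change where path, query and hash begin.
  const hashIdx = raw.indexOf('#');
  const hash = hashIdx >= 0 ? raw.slice(hashIdx + 1) : '';
  const beforeHash = hashIdx >= 0 ? raw.slice(0, hashIdx) : raw;
  const qIdx = beforeHash.indexOf('?');
  const path = qIdx >= 0 ? beforeHash.slice(0, qIdx) : beforeHash;
  const query = qIdx >= 0 ? beforeHash.slice(qIdx + 1) : '';
  const params = query.split('&').filter((p) => p !== '').map((pair) => {
    const eq = pair.indexOf('=');
    const key = eq >= 0 ? pair.slice(0, eq) : pair;
    const value = eq >= 0 ? pair.slice(eq + 1) : '';
    // A literal "+" is left as-is in this sketch; only %2B becomes "+".
    return [safeDecode(key), safeDecode(value)];
  });
  return { path: safeDecode(path), params, hash: safeDecode(hash) };
}

// Constructed sample request target.
const SAMPLE =
  '/api/search%2Fv1?q=a%2Bb&redirect=%2Fhome%3Fx%3D1%26y%3D2&bad=%zz&twice=%252B#sec%20tion';
console.log(JSON.stringify(decodeRequestTarget(SAMPLE), null, 2));
```

Because decoding happens once, a double-encoded value such as `%252B` shows up as `%2B` in the decoded view, which makes double encoding easy to spot in a search.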

Share your search! (or bug ;) )

· One min read

To simplify sharing information, you may now click on the Share icon at the top right of the GUI.

You may then share this link with anybody having access to this Whisperer. When opening the link in the browser, the GUI will open and display exactly (or almost) what you are currently seeing. Redux's magic ;-)

Sticky detail panel

· One min read

A brand new shiny feature from this weekend: the sticky detail panel.

I noticed that it was difficult to use the Host stats features while changing the time to compare stats. Indeed, the selection in the timeline was located behind the detail panel.

So I added a new feature: the detail panel can be 'sticky' and takes its place on the right of the map and table, and not over them. Just click on the Pin icon of the detail panel icons to do it.

Becomes:

Enjoy :-)

Whisperer creation and installation

· One min read

A new feature was added last week to allow easy Whisperer creation.

In the whisperer list, you may click on 'New Whisperer'. It:

  • Creates a new Whisperer with a default name
  • Associates it with your account
  • Creates a default configuration as an 'UPLOAD' whisperer
  • Lets you edit the name of the Whisperer in the details panel

You may then edit the Whisperer configuration in Capture and Parsing tabs.

For an INTERFACE Whisperer, the installation instructions are provided in the Installation tab:

This tab also allows you to generate (and change) the API key of the Whisperer, which it uses to connect to Spider. If the key is lost, it must be generated again, because the server does not keep a copy of the private key.

For now, as we are in private beta, you need a GitLab account and authorization to download the Docker image in order to install a Whisperer.

Whisperer remote control, configuration update and monitoring

· 3 min read

Whisperers have seen huge improvements over the past weeks:

  • They can be remotely started and stopped from the services or the GUI
  • They monitor their configuration changes, and their configuration can be updated from the GUI
  • They send the list of interfaces available on their hosts, for configuration
  • They monitor their own process and allow health checking and monitoring on the server side
  • First monitoring features have been included in the GUI

Whisperers now have 3 distinct modes:

  • INTERFACE: They are remote whisperers, installed on a host, that capture network traffic in real time
  • UPLOAD: They are whisperers dedicated to pcap uploading in the Spider GUI
  • FILE: They are 'test' whisperers that can parse a pcap file on a host and send the file to Spider.

Remote control

The GUI displays the status of an 'INTERFACE' whisperer in the top left corner.

In order:

  1. Not visible: Whisperer is not started, or not communicating
  2. Connecting: Whisperer is starting
  3. Stopped: Whisperer is started, available, but not capturing
  4. Capturing: Whisperer is capturing data
  5. Wrong configuration: Whisperer configuration is not correct

The Whisperer status is controlled from the Whisperer detail view, with the START/STOP CAPTURE button.

Remote configuration update

Whisperer configurations can now be changed on the GUI.

The Capture Config tab sets configuration on the Whisperer sniffing agent, and the Parsing Config tab sets the configuration for the parsing on the server.

  • Help is given by clicking on the small (i) icon
  • Valid network interfaces on the Whisperer side are provided for help
  • Value correctness is checked (when possible) on the GUI side

A color code is used to display the value status:

  • Blue: this is the default value; it is not set specifically for the Whisperer and comes from the server default
  • Orange: modification in progress
  • Green: valid change
  • Black: value is specifically set for the whisperer
  • Red: value is not correct. A help message is provided in the tooltip of the error icon.

Remote monitoring

The status of the Whisperer is sent regularly to Spider.

The first tab of the Whisperer detail view shows a summary of information:

  • CPU usage of the Whisperer on its host, averaged since the last update
  • Memory usage, instantaneous
  • Time of capture start
  • Speed of capture
  • Total of uploaded data
  • Speed of API calls to back office
  • Total of all times for this whisperer

New fields in Http Communications

· One min read

Hi,

To address client identification issues, I've made a few small updates to Spider.

Now the Http Communication resource includes 2 new properties:

  • stats.src.origin: the original IP address from the client. Stored as an IP in ES, so queryable like this: stats.src.origin:"10.1.22.0/16"
  • stats.src.identification: the identified client. Extracted by:
    • The login from Basic Auth identification
    • The sub field from JWT

Both fields can be queried and aggregated upon. Both are accessible in the grid (you need to disconnect/reconnect to refresh the grid's available columns) and in the detail view.

What's more, 2 other fields have been added in grid: the response date and the x-forwarded-for request header.

Enjoy!
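
As an added example (not Spider's parser), this is one way the two extraction rules above can be applied to a captured `Authorization` header. It assumes the JWT travels as a `Bearer` token; `identifyClient`, `b64url` and the sample headers are names and values made up for the illustration.

```javascript
// Added illustration, not Spider's code: derive a client label from a captured
// Authorization header. Assumption: the JWT is sent as a Bearer token.

// Helper used only to build the constructed sample token below.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

function identifyClient(authorization) {
  if (typeof authorization !== 'string') return null;
  const m = /^(\S+)\s+(.+)$/.exec(authorization.trim());
  if (!m) return null;
  const scheme = m[1].toLowerCase(); // scheme names are case-insensitive
  const value = m[2].trim();

  if (scheme === 'basic') {
    // "login:password" in base64; the login ends at the FIRST colon and the
    // password is never returned or stored.
    const decoded = Buffer.from(value, 'base64').toString('utf8');
    const colon = decoded.indexOf(':');
    return colon > 0 ? decoded.slice(0, colon) : null;
  }

  if (scheme === 'bearer') {
    const parts = value.split('.');
    if (parts.length !== 3) return null; // opaque token, not a compact JWT
    try {
      const payload = parts[1].replace(/-/g, '+').replace(/_/g, '/');
      const claims = JSON.parse(Buffer.from(payload, 'base64').toString('utf8'));
      // The signature is not verified here, so "sub" is what the client
      // presented, not a proven identity.
      return typeof claims.sub === 'string' ? claims.sub : null;
    } catch (e) {
      return null; // payload is not valid JSON
    }
  }
  return null;
}

// Constructed sample headers (the JWT signature part is a dummy value).
const SAMPLE_BASIC = 'Basic ' + Buffer.from('alice:s3cret').toString('base64');
const SAMPLE_JWT = 'Bearer ' +
  [b64url({ alg: 'HS256', typ: 'JWT' }), b64url({ sub: 'user-42' }), 'c2ln'].join('.');
console.log(identifyClient(SAMPLE_BASIC), identifyClient(SAMPLE_JWT));
```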