All features
Capture
- Supported network:
- ISO layer 2: Ethernet, Linux SLL, VXLAN.
- ISO layer 3: IPv4.
- ISO layer 4: TCP, UDP.
- ISO layers 5 - 7: TLS, HTTP.
- Distributed capture of remote hosts.
- Agents remote configuration from the UI.
- Agents deployment from the UI
- ‘Applicative cluster’ mode: captures from many probes on the same system are merged in a single view.
- Automatic discovery and tracking of hosts DNS names.
- Packet filtering: PCAP standard filters + regular expressions on hosts FQDN.
- Circuit breakers in place to limit capture impact on spikes.
- Continuous monitoring of probes.
- PCAP and PCAP-NG standard files may be injected directly on the web interface.
- Limit capture size for big communications download.
- Deduplicate packets and communications when capturing both sides of the communication.
- Capture only data packets to lower CPU and network usage
- Understand and manage duplicated packets arriving late
- Capture of TLS keys from OpenSSL memory to decipher TLS-encrypted TCP sessions.
Decoding
- Real time decoding of communications.
- Rebuilding of TCP flows.
- TCP flows decoding by plugins on the UI.
- Real time deciphering of TLS encrypted TCP sessions.
- On-the-fly rebuilding and decompression of payload content.
- High level protocols analysis.
- Only HTTP for now.
- Modular architecture to quickly add new protocols.
- Clients identification and customisable tagging for specific filtering.
- Filtering and removal of sensitive data by defining rules in configuration.
Analysis and reporting
- Customisable layout.
- Automatic refresh of data.
- Dynamic and intuitive time travel in data with a time resolution from many days to microseconds.
- Timezone management to observe data in the time of the capture.
- Dynamic and customisable dashboard to show global metrics, latency, size, errors... grouped by technical and business axes.
- Save and reload dashboard dispositions.
- Dynamic and customisable map of network services that presents, in real time, the load and quality of systems communications.
- Combined data analysis of as many agents as needed, even with different systems using the same IP address range.
- Clients identification and tracking of their communications.
- Support of JWT, Certificates and Basic Auth. Extensible.
- Merged or split representation of services replicas.
- Hide proxies jumps to reveal true clients of calls.
- Multi level communication analysis:
- Statistics panel with customisable metrics and pivot tables.
- Sequence diagrams.
- Customisable grid.
- Map view of services with aggregated statistics.
- Detailed views from rebuilt communications to the unitary packets they are built from.
- Compute and display differences between communications.
- Easy tracking of correlation and tracing tokens.
- Multi criteria searches and dynamic filtering of communications.
- Graphical view and edition of filters.
- Autocompletion of filters.
- Save and reload queries.
- Continuous saving of user views for the best user experience. The application comes back as it was before on reconnection.
- Powerful display of communication payload
- Pretty print and syntax highlighting of:
- HTML, XML, JSON, JS, CSS
- Native display of captured pictures and videos.
- Instantaneous creation of shared URL links to exchange your findings with your peers, and reference them in tracking systems.
- Publication feature with public links to share an analysis session with external users, with limited time and data access.
- Communications export:
- PCAP, PCAP-NG, JSON & XLSX
- PCAP-NG includes host resolution and TLS keys of the TCP session for deep analysis in Wireshark
- Sequence diagram export:
- Statistics export:
- Hosts import & export:
- Settings copy, import & export:
- JSON
- Dark mode available!
User management
- Authenticated solution.
- Multi tenant solution.
- Scalable solution with team management for centralised user management.
- Access sharing options for users.
- Role based access control for users.
- User creation:
- By SSO with OpenID Connect.
- By LDAP link.
- By the user himself with an integrated web form with email validation process.
- Option to manually validate new accounts.
- Password recovery with email validation.
- Email notifications of mail / password change.
System management
- Automated and secured administrators account creation
- Easy agent creation on the UI with simplified creation form
- Automated rotating storage to control data retention
- Customisable Data Store Policies to allow different agents to have different data retention time
- Integrated solution monitoring system to validate its correct behavior:
- Summary global dashboard.
- Infrastructure view.
- Applicative view.
- Database view.
- Performance view.
- Distributed probes monitoring.
- Integrated alerting system with mail notification.
- No need for an extra notification system.
- Alert metrics API in Prometheus format.
- Health API for status page integration
- Automated deployment of agents
- Kubernetes Controller to deploy as ephemeral containers
- Swarm watchdog to deploy with the sidecar pattern in Docker Swarm.
- One-liner installation for Kubernetes Controllers and Gociphers agents.
- Centralized collection and analysis of logs, whether applicative, technical or web.
- Integrated users usage statistics and dashboard.
- Hot reloading of configuration changes.
- Regular backup of configuration to S3 compatible object store.
- Automatic restore at installation feature
- Regular purge and clean jobs to maintain the system.
- Fully customisable configuration of services directly from Helm.
Setup
- Automated setup and upgrades with Helm charts.
- Automated Elasticsearch indices initialisation & migration on setup.
- One line deployment of Kubernetes Controllers and Gociphers.
- Agents may be deployed straight from the UI
Integration
- Open API with complete OpenAPI v3 documentation for integration and extensions.
- Documented plugin mechanism to extend Spider features and allow business integration with the systems under analysis.
- Central Plugin Store to install and share plugins
- Existing plugins (samples):
- HTTP plugins:
- HTTP headers decoding: certificates, security token, cookies…
- Tags enrichment.
- Client identification enrichment.
- TCP plugins:
- MQTT decoding.
- HTTP decoding.
- Redis protocol decoding.
Security
- Agent connection using private/public keys, with HTTPS security.
- Role based access control for users.
- Access filters to restrict data access at data level.
- RBAC access management between services.
High Availability and Performance
- Low agent footprint thanks to Go: < 50MB of RAM, low CPU usage, highly scalable.
- Stateless REST microservices.
- High availability by Kubernetes clustering.
- Resilient architecture with automatic remediation of most errors.
- Optimised resources usage on Kubernetes.
- Optimised Docker images.
- Tuning options on the setup + comprehensive documentation.
- Auto-scaling solution, battle tested at more than:
- 2 GB of packets parsed /min
- 200 000 HTTP communications/min for days
- Capturing and analysing 2 TB of data per day.
Learning
- Comprehensive website with powerful search feature.
- Official remote or on-site trainings for Users, Administrators or Developers.
- Training features embedded in the product
Support
- User impersonation feature.
- Structured and enriched logs with execution contexts and linked business resources for fastest support.
- Export of UI user state in the emitted logs for a direct replay of actions and a quick issue resolution.
- Audit fields in the configuration resources.
- Ticketing system: https://support.floocus.com
License
- No limit in servers, users, data...
- Usage based invoicing on CPU
- Central license management solution: https://users.floocus.com, with:
- License management
- Usage reporting
- Estimated billing
- Invoicing