All features

Capture

• Supported network:
  • ISO 2 layer : Ethernet, Linux SLL, VXLan.
  • ISO 3 : IPv4.
  • ISO 4 : TCP, UDP.
  • ISO 5 - 7 : HTTP.
• Distributed capture of remote hosts.
• Agents remote configuration from the UI.
• Agents deployment from the UI
• ‘Applicative cluster’ mode: capture of many probes on the same system are merged in a single view.
• Automatic discovery and tracking of hosts DNS names.
• Packet filtering: PCAP standard filters + regular expressions on hosts FQDN.
• Circuit breakers in place to limit capture impact on spikes.
• Continuous monitoring of probes.
• PCAP standard files may be injected directly on the web interface.
• Limit capture size for big communications download.
• Deduplicate packets and communication when capturing both side of the communication.
• Capture only data packets to lower CPU and network usage
• Understand and manage duplicated packets arriving late

Decoding

• Real time decoding of communications.
• Rebuilding of TCP flows.
• High level protocols analysis.
  • Only HTTP for now.
  • Modular architecture to quickly add new protocols.
• On the fly payload content rebuilding content and decompressing.
• Clients identification and customisable tagging for specific filtering.
• Filtering and removal of sensitive data by defining rules in configuration.

Analysis and reporting

• Customisable layout.
• Automatic refresh of data.
• Dynamic and intuitive time travel in data with a time resolution from many days to microseconds.
• Dynamic and customisable dashboard to show global metrics, latency, size, errors... grouped by technical and business axes.
• Save and reload dashboard dispositions.
• Dynamic and customisable map of network services that presents, in real time, the load and quality of systems communications.
• Combined data analysis of as many agents as needed, even with different systems using the same IP address range.
• Clients identification and tracking of their communications.
  • Support of JWT, Certificates and Basic Auth. Extensible.
• Merged or split representation of services replicas.
• Hide proxies jumps to reveal true clients of calls.
• Multi level communication analysis:
  • Statistics panel with customisable metrics and pivot tables.
  • Sequence diagrams.
  • Customisable grid.
  • Map view of services with aggregated statistics.
  • Detailed views from rebuilt communications to the unitary packets they are built from.
• Compute and display differences between communication.
• Easy tracking of correlation and tracing tokens.
• Multi criteria searches and dynamic filtering of communications.
• Graphical view and edition of filters.
• Autocompletion of filters.
• Save and reload queries.
• Continuous saving of users view for best user experience. The application comes back as it was before on reconnection.
• Powerful display of communication payload
  • Pretty print and color syntaxing of:
    • HTML, XML, JSON, JS, CSS
  • Native display of captured pictures and videos.
• Instantaneous creation of shared URL links to exchange your findings with your peers, and reference them in tracking systems.
• Publication feature with Public links to share an analysis session to external users. With limited time and data access.
• Communications export:
  • PCAP, JSON & XLSX
• Sequence diagram export:
  • SVG, PNG
• Statistics export:
  • XLSX
• Hosts import & export:
  • JSON
• Settings copy, import & export:
  • JSON
• Dark mode available!

User management

• Authenticated solution.
• Multi tenant solution.
• Scalable solution with team management for centralised user management.
• Access sharing options for users.
• Role based access control for users.
• User creation:
  • By SSO with Open Id Connect
  • By LDAP link.
  • By the user himself with an integrated web form with email validation process.
• Option to validate manually new accounts.
• Password recovery with email validation.
• Email notifications of mail / password change.

System management

• Automated and secured administrators account creation
• Automated rotating storage to control data retention
• Customisable Data Store Policies to allow different agents to have different data retention time
• Integrated solution monitoring system to validate its correct behavior:
  • Summary global dashboard.
  • Infrastructure view.
  • Applicative view.
  • Database view.
  • Performance view.
  • Distributed probes monitoring.
• Integrated alerting system with mail notification.
  • No need for an extra notification system.
• Alert metrics API in Prometheus format.
• Health API for status page integration
• Automated deployment of agents
  • Kubernetes Controller to deploy as ephemeral containers
  • Swarm watchdog to deploy with the sidecar pattern in Docker Swarm.
• Centralized collect and analysis of logs, being applicative, technical or web.
• Integrated users usage statistics and dashboard.
• Hot reloading of configuration changes.
• Regular backup of configuration to S3 compatible object store.
• Automatic restore at installation feature
• Regular purge and clean jobs to maintain the system.
• Fully customisable configuration of services directly from Helm.

Setup

• Automated setup and upgrades with Helm charts.
• Automated Elasticsearch indices initialisation & migration on setup.
• One line deployment of Kubernetes Controllers
• Agents may be deployed straight from the UI

Integration

• Open API with complete OpenAPI v3 documentation for integration and extensions.
• Documented plugin mechanism to extend Spider feature and allow business integration with the systems under analysis.
• Central Plugin Store to install and share plugins
• Existing plugins (samples):
  • HTTP headers decoding: certificates, security token, cookies…
  • Tags enrichment.
  • Client identification enrichment.

Security

• Agents connexion by private/public keys, with HTTPS security.
• Role based access control for users.
• Access filters to restrict data access at data level.
• RBAC access management between services.

High Availability and Performance

• Stateless REST microservices.
• High availability by Kubernetes clustering.
• Resilient architecture with automatic remediation of most errors.
• Optimised resources usage on Kubernetes.
• Optimised Docker images.
• Tuning options on the setup + comprehensive documentation.
• Auto-scaling solution, battle tested at more than:
  • 2 GB of packets parsed /min
  • 200 000 HTTP communications/min for days
  • Capturing and analysing 2 TB of data per day.

Learning

• Comprehensive website with powerful search feature.
• Official remote or on-site trainings for Users, Administrators or Developers.
• Training features embedded in the product

Support

• User impersonation feature.
• Structured and enriched logs with execution contexts and linked business resources for fastest support.
• Export of UI user state in the emitted logs for a direct replay of actions and a quick issue resolution.
• Audit fields in the configuration resources.
• Ticketing system: https://support.floocus.com

License

• No limit in servers, users, data...
• Usage based invoicing on CPU
• Central license management solution: https://users.floocus.com, with:
  • License management
  • Usage reporting
  • Estimated billing
  • Invoicing