The FlowTraq team is proud to announce the availability of the Q3/13 release of FlowTraq. This release comes with a lot of new features aimed at improving your ability to secure and manage large networks.
Q3 introduces two powerful techniques. First, Traffic Groups allow for quick and easy grouping of hosts and subnets under your own organizational schemes, whether internal or external. They can be refined minutely through FlowTraq’s filtering language to pinpoint exactly those sessions that belong to the group and those that don’t: for example, you can group all the HTTP and HTTPS traffic going to your web servers as a single entity.
Second, FlowTraq Friendly Names allow flexible labeling of a wide variety of entities tracked by FlowTraq: IP address or netblock, application, service endpoint, IP pair, etc. It’s easy for any user to give anything they see in the FlowTraq interface a name as they see it, either for long-term organization or for short-term forensics.
FlowTraq now offers even greater control over view granularity, with new views based on netblock and exporter/interface pairing. The netblock view, extracted from the export packet or from autonomous system reverse-resolution, shows a middle ground in traffic granularity between the high-level ASN view and the fine-grained level of individual IP addresses.
The FlowTraq Threats interface has been updated for quick viewing and filtering of its NBI alerts, and for more easily navigating to the corresponding flow data in your workspaces.
We’ve also expanded FlowTraq’s already-powerful filtering capability with ‘click-to-filter’. You can now quickly pivot on any entity in your tables and inspect its traffic.
More improvements were made to facilitate FlowTraq’s interaction with SIEM tools such as Splunk: get your data into those tools more easily, and get back to FlowTraq when you need to dig into your network traffic as part of your investigation.