13 Feb 2013

What's New in Packetloop 1.0.1!

This release is very special to us as it's our commercial release. For us it's the end of a tough yet enjoyable development process. We shipped, soooo happy!

It is important to note that the platform is sparkling new and you will need to sign up for a Free or Paid Account before accessing over 50GB of public datasets or uploading your own packet captures. Any Early Access or Beta accounts have been retired.

In this release we shipped the following features:
  • Redesigned User Interface and Experience
  • Customers can upload data via Web Upload and Send a Disk (up to 16TB!)
  • Live processing for smaller uploads.
  • The ability to delete packet captures after they are processed.

User Interface and Experience

Our first commercial version had to pop! We have gone through three user interface designs whilst in development - it's important to us and we hope you like the design. 

Packetloop "Metro" User Interface - more analytics, less wood panels.

The old user interface was starting to resemble a wood panelled station wagon and we wanted a clean analytics product look. So out went the bezels, the gradients and panels and in came a clean design that we call "metro" internally. It wasn't inspired at all by Microsoft or Windows 8 though ;)

We opened up a lot of space in the header, removing space taken up by features that are yet to ship and placing all functions in a pivot on the left hand side.

Feature Pivot

To provide even more space when you are working in the main visualization or the data panels, the menu minimizes when you scroll down. It's a subtle and smart transition that allows data panels to be viewed while still rendering the entire main visualization.

Header minimised - more data panel with main visualization.

In the main visualization area we added a Zoom to Fit icon and what we call a Follow Annotation. Zoom to Fit used to be in the time period select box, but you end up using it so much it deserved its own button. The Follow Annotation tracks with your mouse pointer, providing a clear understanding of key threat metrics. It's designed to be unobtrusive - not taking away from the main visualization but complementing it.

Zoom to Fit and Follow Annotation

Quick Search and Advanced Search are now accessible via icons in the navigation menu. Inspired by vim you can also use hot keys to access them (try forward slash for quick search). 

Quick Search

Just press forward slash and then describe what you are looking for, and make a selection with your mouse or simply press enter.

Advanced Search allows you to type in things you are looking for or click through a linked list. Think of it like a network graph - if you click on a node like Source IP address then all other criteria are filtered based on that node. This allows you to search and filter event data incredibly fast.

Advanced Search

The legend options and guides are now accessible by selecting the plus (+) icon in the Legend area. Guides are a great way to augment your analysis and bring outliers to the surface much faster. In the example below I have enabled the guide for "Looped Attacks".

Legend Options

The "Looped Attacks" guide.

Lastly, Packetloop is now supported in more browsers - Internet Explorer 9 and 10, Firefox, Safari and Chrome.

Web Upload and Send a Disk

In this release we enabled the ability to upload full packet captures via Web Upload and Send a Disk methods. For Web Upload click on the "Upload Files" button in the top right, choose or create a Capture Point and then Upload.


Web Upload - Drag and Drop or Click to Select.

Send a Disk upload allows you to capture a massive amount of full packet captures and ship us the disk. You can encrypt the captures with a passphrase and supply the passphrase to us when we process them. We are initially trialling this with US customers and shipping is free. In the next release we will enable it for all customers. We support USB, eSATA or 2.5/3.5 inch disks up to 16TB in size. If you encrypt and compress these archives that is around 32TB of full packet captures! Note that Send a Disk functionality is handled via raising a ticket with support.packetloop.com but will become fully automated in the next release.

All upload methods support gzip, xzip (lzma), and bzip2 compression and also tar archives. So if you want to tar up an entire directory, compress it and upload via Web Upload or Send a Disk you can.

Live Processing

We are designed and built for Big Data but we haven't forgotten the little guy. We envisage that a lot of customers will upload relatively small captures to test the service before they commit large amounts of data. We will process small captures live and not even engage the Big Data back end processing making it as fast to process 100Mb as it is to process 1TB.

Packet Capture Deletion

In this release customers are able to delete packet captures after we process them. The decision is totally up to you and will be integrated into all upload methods. Once the packet captures are processed they are only required for looping (searching for zero days) and to make new features instantly accessible when we ship them. All the data extracted from the packet capture is inserted into our NoSQL database to be supplied to the user interface.

After the packet captures have been processed customers can click on Settings -> Usage and then delete the original packet capture or the data extracted from the packet capture.

Thanks again!

To all the people that helped us during Early Access and Private Beta. Your interest, passion, excitement and suggestions have been invaluable to us. We are at the end of the line if you want to reach out to us on Twitter, Google+, Facebook or Support.


