By analyzing network connections, we can determine client and server roles, the ports used on both sides, the protocol, the application name, and network statistics such as the amount of traffic transmitted.
Sycope can monitor, group, and sort all these parameters automatically.
Clear, readable views are essential for managing inventory data.
In Sycope, we can freely personalize all views for resources and statistics.
In our proprietary Asset Discovery view, we have a list of all IP addresses that were automatically detected.
The list can be freely filtered by private or public addressing, profiles, services, subnetworks, tags, description, location, and many others.
The user only needs to add custom variables and subnetworks; the resource view is available even without this information.
In various places in the product, we also have the option to right-click and access the context menu, including actions and Drilldown views, such as Top Clients, IP Reputation, Top Servers, and many others.
When managing an individual resource such as an IP address, it is important to present all available data from the NetFlow records.
We have insight into all applications and ports that are used by a given resource, e.g., a server, as well as all connections to and from, including traffic policies and the number of flows.
This allows us to obtain a full inventory of the traffic that is generated.
Most monitoring systems lack policy functionality at the level of services and applications.
A typical example is a security team's documentation that precisely defines the allowed network traffic and the locations permitted to connect to a critical application.
The ideal solution is a functionality that allows you to compare detected traffic with established policies.
Sycope solves this challenge with a dedicated functionality called Traffic Rule Profiles.
Profiles allow you to define client and server subnetworks, as well as applications and protocols.
Then, the detected network traffic is matched against each of these elements and the result is available to the user in real time.
Additionally, the same information is available as historical data, which allows the network to be verified over time.
The following example presents profiles for applications such as Microsoft Teams or SQL, as well as more general ones such as device management over SSH, or over Telnet, which should not be in use at all.
Configuring an example profile is very intuitive and easy to modify.
We also have export and import options, which allow any number of profiles and applications to be deployed in bulk.
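As an added illustration of what a Traffic Rule Profile match looks like under the hood (this is example code written for this article, not Sycope's implementation), the script below defines profiles as client subnetworks, server subnetworks, a protocol and application ports, matches constructed NetFlow-style flow records against each profile, and round-trips the profile set through JSON the way a bulk export/import would. Profile names, subnets, ports and the `expected` flag are assumptions for the example; the Teams and SQL values are illustrative, not a vendor reference.

```python
import ipaddress
import json

# Constructed sample flows: fields a NetFlow record provides, with the
# client/server roles already assigned by connection analysis.
FLOWS = [
    {"client": "10.1.20.15", "server": "10.1.50.10",  "proto": "tcp", "port": 1433, "bytes": 120_000},
    {"client": "10.1.20.15", "server": "52.112.0.10", "proto": "udp", "port": 3478, "bytes": 40_000},
    {"client": "10.1.90.7",  "server": "10.1.50.10",  "proto": "tcp", "port": 1433, "bytes": 9_000},
    {"client": "10.1.20.33", "server": "10.1.1.1",    "proto": "tcp", "port": 22,   "bytes": 3_000},
    {"client": "10.1.20.33", "server": "10.1.1.2",    "proto": "tcp", "port": 23,   "bytes": 1_500},
]

# Hypothetical profile definitions. `expected` marks whether traffic matching
# the profile is allowed (True) or is a policy violation by definition (False).
PROFILES = [
    {"name": "SQL from app tier", "clients": ["10.1.20.0/24"], "servers": ["10.1.50.0/24"],
     "proto": "tcp", "ports": [1433], "expected": True},
    {"name": "Microsoft Teams media", "clients": ["10.1.0.0/16"], "servers": ["52.112.0.0/14"],
     "proto": "udp", "ports": [3478, 3479, 3480, 3481], "expected": True},
    {"name": "Device management via SSH", "clients": ["10.1.20.0/24"], "servers": ["10.1.1.0/24"],
     "proto": "tcp", "ports": [22], "expected": True},
    {"name": "Telnet (should not be used)", "clients": ["0.0.0.0/0"], "servers": ["0.0.0.0/0"],
     "proto": "tcp", "ports": [23], "expected": False},
]


def in_any(ip, subnets):
    """True if `ip` falls inside at least one of the CIDR `subnets`."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(cidr) for cidr in subnets)


def flow_matches(flow, profile):
    """A flow matches when every element of the profile matches."""
    return (flow["proto"] == profile["proto"]
            and flow["port"] in profile["ports"]
            and in_any(flow["client"], profile["clients"])
            and in_any(flow["server"], profile["servers"]))


def evaluate(flows, profiles):
    """Return (hits per profile, flows matching a disallowed profile, flows matching nothing)."""
    hits = {p["name"]: 0 for p in profiles}
    violations, unmatched = [], []
    for flow in flows:
        matched = [p for p in profiles if flow_matches(flow, p)]
        if not matched:
            unmatched.append(flow)          # traffic outside every defined policy
        for p in matched:
            hits[p["name"]] += 1
            if not p["expected"]:
                violations.append((p["name"], flow))
    return hits, violations, unmatched


def export_profiles(profiles):
    """Serialize profiles for bulk export."""
    return json.dumps(profiles, indent=2)


def import_profiles(text):
    """Parse a bulk import and reject any profile with an unparsable subnetwork."""
    profiles = json.loads(text)
    for p in profiles:
        for cidr in p["clients"] + p["servers"]:
            ipaddress.ip_network(cidr)      # raises ValueError on a bad entry
    return profiles


if __name__ == "__main__":
    hits, violations, unmatched = evaluate(FLOWS, PROFILES)
    print("hits:", hits)
    print("violations:", violations)
    print("unmatched:", unmatched)
```

Both outputs matter for inventory: the unmatched list is traffic no policy describes yet (here, a client outside the application tier reaching the SQL server), while the violations list is traffic a policy explicitly forbids (the Telnet session).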
Inventory data will always have custom fields and variables that are required by a given company or institution.
Monitoring systems must be ready for this and have appropriate flexibility in configuring such fields.
Sycope offers extensive personalization: users can create not only variables but also full tables, so-called Lookups, which can be matched to individual IP addresses, subnetworks, ports, applications, and other keys.
Additionally, we also support combining several Lookups into one common one, if needed.
Mappers are another feature that facilitates inventory management by mapping data values to variables, for example network ports to application names.
Macros, on the other hand, are a collection of various functions and queries that can generate a result automatically and present it in various places in the system.
We also have a dedicated view for creating objects that can be used in tables, charts, and other system elements.
Fields are most often derived from data in Lookup tables and can be used for inventory or for other actions such as filtering or grouping.
Metrics allow you to define a parameter from historical traffic statistics, e.g., Avg Bits/s.
We have dozens of built-in metrics, but the user can also create a new one.
Ranges record custom value ranges, for example a port range, that can then be used for filtering.
Collectors, on the other hand, gather aggregated statistics that are stored separately and can be retrieved by the user immediately, e.g., Top 10 Client IPs.
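To make the object types above concrete, here is an added example (written for this article, not taken from Sycope) of how Lookups, a merged Lookup, a Mapper, a Range and a Collector fit together when enriching flow records. The table contents, the subnet-to-location assignments and the port-to-application mapping are constructed sample data; the longest-prefix rule for resolving an IP against overlapping subnetworks is an assumption of this example.

```python
import ipaddress
from collections import Counter

# Constructed flow records (client/server roles already assigned).
FLOWS = [
    {"client": "10.1.20.15", "server": "10.1.50.10", "proto": "tcp", "port": 1433, "bytes": 120_000},
    {"client": "10.1.20.15", "server": "10.1.77.1",  "proto": "tcp", "port": 443,  "bytes": 40_000},
    {"client": "10.1.90.7",  "server": "10.1.50.10", "proto": "tcp", "port": 1433, "bytes": 9_000},
]

# Two Lookups keyed by subnetwork; the corp-wide /16 overlaps the more
# specific /24 entries, which is why resolution uses the longest prefix.
SUBNET_LOOKUP = {
    "10.1.20.0/24": {"location": "Warsaw DC", "tag": "app-tier"},
    "10.1.50.0/24": {"location": "Warsaw DC", "tag": "db-tier"},
    "10.1.0.0/16":  {"location": "Warsaw DC", "tag": "corp"},
}
OWNER_LOOKUP = {
    "10.1.50.0/24": {"owner": "dba-team"},
    "10.1.20.0/24": {"owner": "platform-team"},
}

# Mapper: network port -> application name.
PORT_APP_MAPPER = {22: "SSH", 23: "Telnet", 443: "HTTPS", 1433: "MSSQL"}

# Range: named port ranges usable as a filter.
PORT_RANGES = {"well-known": (0, 1023), "registered": (1024, 49151), "ephemeral": (49152, 65535)}


def merge_lookups(*lookups):
    """Combine several Lookups keyed by the same subnetworks into one table."""
    merged = {}
    for table in lookups:
        for key, attrs in table.items():
            merged.setdefault(key, {}).update(attrs)
    return merged


def lookup_ip(ip, lookup):
    """Resolve an IP to the attributes of the most specific matching subnetwork."""
    addr = ipaddress.ip_address(ip)
    best_net, best_attrs = None, {}
    for cidr, attrs in lookup.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_attrs = net, attrs
    return dict(best_attrs)


def port_range(port):
    """Range object: classify a port by the named range it falls in."""
    for name, (lo, hi) in PORT_RANGES.items():
        if lo <= port <= hi:
            return name
    return "invalid"


def enrich(flow, lookup):
    """Fields: attach lookup, mapper and range results to a flow for filtering/grouping."""
    out = dict(flow)
    out["server_info"] = lookup_ip(flow["server"], lookup)
    out["application"] = PORT_APP_MAPPER.get(flow["port"], f"port-{flow['port']}")
    out["port_range"] = port_range(flow["port"])
    return out


def top_clients(flows, n=10):
    """Collector: Top N client IPs by bytes transmitted."""
    totals = Counter()
    for f in flows:
        totals[f["client"]] += f["bytes"]
    return totals.most_common(n)


if __name__ == "__main__":
    merged = merge_lookups(SUBNET_LOOKUP, OWNER_LOOKUP)
    for f in FLOWS:
        print(enrich(f, merged))
    print("top clients:", top_clients(FLOWS))
```

A server in the corp /16 that has no more specific entry (10.1.77.1 above) still resolves to the generic "corp" tag, so a missing inventory record shows up as a weakly-described asset rather than an empty field.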
I mentioned the possibility of creating statistics and history for inventory data, and it is worth considering how to manage such a large amount of information.
Systems responsible for monitoring and maintaining current data must present it appropriately, preferably in the form of views and dashboards that can be freely personalized.
Ideally, the vendor provides the ability to analyze both aggregated and detailed data, depending on the task at hand.
Sycope provides entire groups of views for the user, which are divided both by functionality (Visibility, Probe, Asset Discovery, Security, Custom) and by the method of data presentation (Trends, Overview, Details).
An example Overview for resources has aggregated information about defined Traffic Rule Profiles and how network traffic is matched to them.
Thanks to this, we are able to easily check the correctness of our security policies and inventory.
Depending on the results, we can improve our policies or decide to introduce additional blocks for network traffic.
This gives us control over the network regardless of its size, especially since all views can be filtered at any time by variables such as subnetwork, priority, or location.
However, there are situations in which we prefer an immediate system reaction. This could be traffic outside the policy, an open port, or a connection to the Internet by a given server.
Of course, I am referring to the alerting function, which is necessary in every monitoring system.
Effective alert definitions combine network traffic statistics with inventory variables.
Those variables can be included in an email message or sent to an external ticketing system via a REST API.
Sycope has over 60 alerting rules that the user can run as needed.
We also have the option to clone them or create our own rules, which can initiate alerts using any information related to application traffic, availability, or security policy violations.
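The following added example (written for this article; it is not one of Sycope's built-in rules) shows two alert rules of the kind described above, a server connecting to the Internet and a connection to a port the inventory does not list for that server, evaluated over constructed flow records, with the resulting alert carrying inventory variables (asset name, owner, priority) so that the same object can be mailed or posted to a ticketing system as JSON. The inventory fields, rule names and payload layout are assumptions of the example.

```python
import ipaddress
import json

# Constructed inventory variables for two servers.
INVENTORY = {
    "10.1.50.10": {"name": "sql-prod-01", "owner": "dba-team", "priority": "critical",
                   "allowed_ports": {1433}, "internet_allowed": False},
    "10.1.20.15": {"name": "app-01", "owner": "platform-team", "priority": "high",
                   "allowed_ports": {443}, "internet_allowed": True},
}

# Constructed flow records (client/server roles already assigned).
FLOWS = [
    {"client": "10.1.20.15", "server": "10.1.50.10",  "proto": "tcp", "port": 1433, "bytes": 120_000},
    {"client": "10.1.50.10", "server": "8.8.8.8",     "proto": "tcp", "port": 443,  "bytes": 2_000},
    {"client": "10.1.90.7",  "server": "10.1.50.10",  "proto": "tcp", "port": 22,   "bytes": 3_000},
    {"client": "10.1.20.15", "server": "52.112.0.10", "proto": "udp", "port": 3478, "bytes": 40_000},
]


def is_internet(ip):
    """Public (globally routable) address check."""
    return ipaddress.ip_address(ip).is_global


def rule_server_to_internet(flow, inventory):
    """Fire when an inventoried server initiates a connection to a public address it is not allowed to reach."""
    asset = inventory.get(flow["client"])
    if asset and not asset["internet_allowed"] and is_internet(flow["server"]):
        return "server_internet_connection", asset
    return None


def rule_unexpected_open_port(flow, inventory):
    """Fire when an inventoried server accepts traffic on a port outside its allowed list."""
    asset = inventory.get(flow["server"])
    if asset and flow["port"] not in asset["allowed_ports"]:
        return "unexpected_open_port", asset
    return None


RULES = [rule_server_to_internet, rule_unexpected_open_port]

# Severity derived from the inventory priority variable, not from the rule alone.
SEVERITY = {"critical": "P1", "high": "P2"}


def build_alert(rule_name, flow, asset):
    """Alert body usable as an email template or a REST ticket payload."""
    return {
        "rule": rule_name,
        "severity": SEVERITY.get(asset["priority"], "P3"),
        "asset": asset["name"],
        "owner": asset["owner"],
        "client": flow["client"],
        "server": flow["server"],
        "proto": flow["proto"],
        "port": flow["port"],
        "bytes": flow["bytes"],
    }


def run_rules(flows, inventory):
    """Evaluate every rule against every flow and return the alerts raised."""
    alerts = []
    for flow in flows:
        for rule in RULES:
            hit = rule(flow, inventory)
            if hit:
                rule_name, asset = hit
                alerts.append(build_alert(rule_name, flow, asset))
    return alerts


def ticket_payload(alert):
    """Serialize one alert for a REST API call (the HTTP call itself is out of scope here)."""
    return json.dumps(alert, sort_keys=True)


if __name__ == "__main__":
    for alert in run_rules(FLOWS, INVENTORY):
        print(ticket_payload(alert))
```

The SQL server's outbound HTTPS flow and the SSH connection to it each produce one alert; app-01 reaching a public address is not alerted because its inventory record allows Internet access, which is exactly why the inventory variables belong in the rule and not only in the message.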