Cross architecture featherweight traffic data microprobes provide unprecedented high-quality metadata for data analysis platforms
Background
In cloud, cloud-native, and cross-architecture security, operation, and monitoring scenarios, multi-dimensional and fine-grained traffic and asset data are required. AI analysis for security in particular has an even greater need for high-quality traffic log data.
However, due to the dynamic, lightweight, and sensitive characteristics of the cloud environment, it is not easy to obtain this data without affecting business and hosts, and without pressure on the cloud environment and network bandwidth.
1. Highly integrated standalone featherweight program
A standalone program of only 800KB implements all functions, including packet capture, session reassembly, content extraction, KPI calculation, JSON encapsulation, communication forwarding, and configuration management.
2. Higher performance, lower resource consumption
Excellent architecture and coding capabilities ensure that in 99% of environments, users do not need to add computing resources to deploy and run TiFlow (stress testing reports can be provided). Even in extreme situations, self-decompression algorithms are provided to fully ensure no increase in user costs and no impact on business and hosts.
3. Multi-dimensional, fine-grained data capabilities
A single open JSON message includes host and process information, TCP/UDP aggregated data, L7 Header/HTTP/API/SQL and more, Body/Payload, and dozens of performance/communication metrics, fully supporting various security and operational needs.
4. No impact on applications and hosts
Deployment requires no restart or modification of the business or host, and there are no third-party program dependencies.
More importantly, during operation there is in principle no increase in application latency or interruption risk, yet L7 and Payload content and various KPI/KQI can still be obtained.
5. No pressure on cloud environment and bandwidth
High-quality JSON messages are output on demand and can be customized. No switch/vSwitch traffic mirroring function is needed, and host/virtual machine traffic does not have to be output externally, so no pressure is put on the cloud environment or bandwidth.
6. More open and simple ability to be integrated
An open and standardized data structure breaks data silos and allows code-free, fast integration with various big data solutions, including ELK/ES, OpenSearch, Graylog, Splunk and others. Easily leverage the value of excellent metadata and quickly implement application scenarios that were previously difficult.
7. Excellent compatibility across architectures and platforms
Four versions are available: Linux (for X86 and ARM), Image, Windows, and Linux for eBPF. They are widely supported:
traditional architecture, cloud, K8S; X86, ARM; Linux, ARM; server, client (PC and laptop).
Among them, the Linux for X86 version can be implemented as a single program version, supporting various commonly used Linux versions for public clouds without considering the Linux kernel.
TCPIPlabs Tech., Inc. © 2022-2024