Sycope introduces a new version of its network traffic and security monitoring software
News | 19.06.2023
Sycope 2.3 records, processes and analyses all parameters contained in the data streams, supplemented by SNMP, geolocation and security feeds. This makes it possible to detect network problems, measure delays and identify security threats. The tool supports the NetFlow, sFlow, IPFIX, and NSEL protocols. Sycope's security function was developed based on the MITRE ATT&CK methodology. Sycope 2.3's rules and mechanisms for detecting security incidents make it possible to counter attacks and detect undesirable activities in the network at an early stage.
Sycope v 2.3 comes with many updates, but the most remarkable features are:
- User Scripts: These allow automatic communication with external systems by POSTing JSON messages through the REST Client. We can now send alert details to external systems and applications directly, or a partner or customer can create a custom script that parses the information and applies custom logic. Examples of such actions include scanning a suspicious IP, blocking a suspicious IP on a firewall, and creating a ticket in a service desk application.
- Advanced Custom Aggregations: This is the next step in making our analytics even more flexible. Users can now not only create a new aggregation but also define it with a flexible number of keys and metrics. A retention policy can also be applied to such an aggregation as needed.
- Playground: Users can now easily test NQL queries, both directly from the search bar (the "what results does my filter generate" scenario) and as raw NQL, where they can also check advanced queries that are sometimes not supported in the search bar (if the user can check the scenario).
- Rule Creator: The Rule Thresholds section has become a simple graphical wizard that allows the user to create groups for better graphical representation of data. Additional logical conditions have been added.
- Search bar: Operation of the search bar has been simplified (Simple mode), and users can now view the selected elements in convenient, editable tiles. For advanced users, the previous search bar mode is still available (Advanced mode).
- Security content: Rules and Dashboards were refreshed. Additionally, we introduced new built-in objects: System favorites filters and Macros, which give users the option to analyze traffic in a simplified, out-of-the-box way.
These innovations are based on Sycope's own research and development and implement customer feedback from the field. The aim of the development is not only to provide data, but also the necessary answers to effectively improve performance and security in the network.