Auto-connect request for netradar snap

Hello, I would like to request the following auto-connections for the netradar snap:

  • hardware-observe
  • network-observe
  • network-control
  • cifs-mount

The netradar snap is used to collect network data from span/mirror ports, for the purpose of managing cyber threats. Therefore, it requires the ability to enumerate network interfaces and change their settings. This is why we require the first three auto-connects. These connections are critical for all of our users.

We use cifs-mount to enable users to collect PCAP files from other hosts in their networks. This connection is very helpful for many of our users.

Thank you, -Francis

The current description for netradar doesn’t seem to indicate that it would change settings of network interfaces etc - can you please update this to explain more clearly what this snap does and hence to make it expected to a user that it might have such privileged access?

Regarding cifs-mount I am not sure this is appropriate for auto-connect as not all users may want this functionality to just access pcaps from other hosts - this is quite privileged. As such, -1 from me for auto-connect of cifs-mount - instead a user could manually connect this if desired.

Thank you, Alex.

Netradar is usually deployed on a machine with more than one network interface. Netradar captures and analyzes all packets arriving at a specific network interface chosen by the user, including packets not directed to the local machine. Typically, the chosen interface is connected to a mirror port on a switch.

This requires setting the network interface to “promiscuous” mode. That is why we need the network-control connection.

We need hardware-observe in order to enumerate the network interfaces present on the machine, so that the user can choose the one she wants Netradar to use.

Network-observe is needed so that the libpcap library can collect data from the interface.

Would you prefer that we add the above information to the online description of the Netradar snap?

We will accept your decision regarding cifs-mount. We will instruct users who need cifs-mount to connect it manually. However, the other three connections are required for all of our users.
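An added example, not part of the original thread or of the netradar snap: a host-side audit of which interfaces are currently in promiscuous mode, the setting the post above says network-control is needed for. The function names, the allow-list and the sample sysfs tree are constructed for illustration; the flag values are those defined in linux/if.h.

```python
import os
import tempfile

IFF_UP = 0x1         # interface is administratively up (linux/if.h)
IFF_PROMISC = 0x100  # interface accepts frames not addressed to it

def read_flags(sys_net, ifname):
    # sysfs exposes the interface flags as one hex string, e.g. "0x1103"
    with open(os.path.join(sys_net, ifname, "flags")) as fh:
        return int(fh.read().strip(), 16)

def audit_interfaces(sys_net="/sys/class/net"):
    """Return one record per interface with its up/promiscuous state."""
    report = []
    for ifname in sorted(os.listdir(sys_net)):
        try:
            flags = read_flags(sys_net, ifname)
        except (OSError, ValueError):
            continue  # not an interface entry (e.g. bonding_masters) or unreadable
        report.append({
            "name": ifname,
            "up": bool(flags & IFF_UP),
            "promiscuous": bool(flags & IFF_PROMISC),
        })
    return report

def unexpected_promiscuous(report, allowed):
    """Names of promiscuous interfaces that are not on the capture allow-list."""
    return [r["name"] for r in report if r["promiscuous"] and r["name"] not in allowed]

def build_sample_tree():
    # Constructed sample data: lo, a management port, and a mirror-port NIC
    # whose flags include IFF_PROMISC.
    root = tempfile.mkdtemp(prefix="sysnet-")
    for name, flags in {"lo": "0x9", "eth0": "0x1003", "eth1": "0x1103"}.items():
        os.mkdir(os.path.join(root, name))
        with open(os.path.join(root, name, "flags"), "w") as fh:
            fh.write(flags + "\n")
    return root

if __name__ == "__main__":
    sample = audit_interfaces(build_sample_tree())
    for rec in sample:
        print(rec)
    # Only eth1 is the designated capture interface in this constructed setup.
    print("unexpected:", unexpected_promiscuous(sample, allowed={"eth1"}))
```

Called with no argument, audit_interfaces() reads the live /sys/class/net on a Linux host.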

Any response, Alex? Thank you, -Francis

So the current description for the snap simply says:

Proactive visibility and security for IT networks and cyberphysical systems

Again, this does not describe that the snap would automatically capture all packets or reconfigure network interfaces etc - can you please update this to make it clearer what the snap actually does? Thanks.

@insightcyber - ping, can you please provide the requested information?

@insightcyber - ping, this request cannot proceed without the requested information.