PRD v1.0
Rp edited this page Oct 17, 2018 · 4 revisions
Version | v0.1 |
---|---|
Date | 14-oct |
Product Owners | Rp |
Reviewers |
Packet sniffer and analyser (PSA) can intercept the packets on the network, store them and analyse them to achieve the following:
- detect network intrusion attempts
- monitor WAN bandwidth
- detect exploited systems
- identify application level protocols (like GIT, Skype, etc…)
- PSA is a stand-alone application that is meant to run on Linux systems.
- PSA can be run either in the background or in the foreground.
- PSA is expected to be locally installed and run when necessary.
- PSA, once started, can run forever until stopped manually.
PSA can be used by individuals who host Linux-based servers to understand the threat vector and eventually use the data to plug the loopholes in their network security.
- PSA will be monitored by the client; there is no self-monitoring.
- PSA will be configured according to the constraints of the system on which this will be executed.
- PSA will be run with ‘root’ privileges.
# | Requirement Type | Title | User Story | Importance | Notes |
---|---|---|---|---|---|
1 | Functional | Support multiple network interfaces | AS A user I WANT TO support multiple NIC interfaces SO THAT I can monitor all the traffic | MVP | |
2 | Functional | Identify FQDNs of end-points of all network connections | AS A user I WANT TO see the FQDNs of all my network connections SO THAT I can classify & understand the origin of those connections | MVP | |
3 | Functional | Identify application level protocols like GIT, VoIP, etc... | AS A user I WANT TO see the application level protocols used SO THAT I can classify & understand the origin of the connections | Optional | |
4 | Functional | Archive the meta-data from each sniffed connection | AS A user I WANT TO analyse the raw data offline SO THAT I can analyse the same data repeatedly and for newer patterns | MVP | |
5 | Supportability | Provide a report of the network activity | AS A user I WANT TO generate custom reports SO THAT I can analyse & understand the network patterns | Must-have | The reporting could evolve over time from simply printing the details to the console, to a DB archive, to Power BI style reporting |
6 | Functional | Identify open ports on the local network | AS A user I WANT TO identify the list of open ports within my networked devices SO THAT I can plug the gap from a security point of view | Optional | |
7 | Functional | Identify & alert network intrusion | AS A user I WANT TO be alerted when a network intrusion happens SO THAT I can close the access path & reduce data breach | Optional | |
8 | Functional | Monitor bandwidth usage on a per device basis | AS A user I WANT TO know the bandwidth consumption on a per device basis SO THAT I can take informed decisions on limiting the bandwidth consumption | Optional | |
9 | Functional | Identify an exploited device based on the traffic pattern | AS A user I WANT TO know the exploited device SO THAT I can take measures to repair/clean/fix the system | Optional | |
10 | Usability | Easy installation & execution | AS A user I WANT TO have one-click installation & one-click execution SO THAT I can execute this sniffer at will and not worry about setup time | Must-have | |
11 | Usability | Configurability | AS A user I WANT TO auto-configuration (or one-time effort) SO THAT I can set it up & forget about it | Must-have | Auto-configuration is a desired feature. The one-time setup is a must-have |
12 | Performance | Non-intrusive & minimal resource utilisation | AS A user I WANT TO monitor in the background & non-intrusively SO THAT I can continue my daily operations & activities without any impact | Must-have | A CPU-utilization of less than 1% is ideal but a decent 5% can be considered too. The memory usage should not cross 4MB of RAM. |
13 | Reliability | Capture all packets | AS A user I WANT TO capture all the packets SO THAT this is a one-stop solution | Must-have | |
14 | Supportability | Ability to start & stop easily | AS A user I WANT TO stop (or start) the application SO THAT I can do so if there is a performance degradation or other impacts to regular activity | MVP | |
15 | Technical (Integration) | Importable package | AS A vendor I WANT TO import PSA’s feature-set into my application SO THAT I can perform custom analytics & UI to present to my users | Optional | |
16 | Usability | Help documentation | AS A user I WANT TO blah SO THAT I can blah | Good-to-have | |
#1, #2, #4 & #14 should be satisfied.
#10, #11 should be satisfied.
#11 should be satisfied.
#12 should be satisfied.
#5 should be satisfied.
Event | Date |
---|---|
Desired Date of delivery for System Integration Test Phase | 12/01/2018 |
Desired Date of delivery for Production | 12/31/2018 |
Contributors are welcome. Please drop an email to Rp