Known Limitations

Current constraints and features not yet implemented. Understanding these helps set expectations.

Packet Capture

  • Windows: Relies on netstat or Npcap. Deep packet inspection requires Npcap/Wireshark.
  • Encrypted traffic: Cannot inspect the payload of TLS/HTTPS traffic without a man-in-the-middle setup.
  • High-speed networks: May drop packets on very high-throughput links. Tune the rate limit.

Machine Learning

  • Python dependency: Full ML requires Python and scikit-learn. The JavaScript fallback is heuristic-based.
  • Training data: Traffic must be collected before training. There is no pre-trained model for generic networks.
  • Explainability: Limited explanation of why a flow was flagged as anomalous.

Platform

  • Firewall: Auto-block is supported on Windows and Linux only. macOS has limited integration.
  • Admin rights: Packet capture and firewall control typically require elevated privileges on Windows.

Scale

  • Single instance: The desktop app is designed for one machine. There is no built-in distributed deployment.
  • SQLite: Fine for single-user use; not designed for high-concurrency multi-writer scenarios.

Features in Development

  • Some advanced views (ML Dashboard, Threat Response, etc.) may show a "Feature in Development" modal.
  • 3D network visualization, UEBA, and the threat hunting query language are partially implemented or planned.