Security Mode
Scan captured traffic for leaked secrets, PII, and threats.
Security Mode passively scans your captured traffic against 99 built-in rules and surfaces findings in a dashboard with severity and confidence scoring.
What it detects
- Credentials — 30+ token types (API keys, bearer tokens, cloud keys) via prefix + regex + Shannon-entropy validation.
- PII, insecure headers, C2/beaconing patterns, privacy/tracking, content issues, session/anomaly/supply-chain, and WebSocket-specific rules.
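The following is an added example, not the product's own code: it shows how a prefix gate, a token-shape regex and a Shannon-entropy threshold combine to flag a credential while discarding a low-entropy placeholder, and it stores the evidence redacted. The rule names, thresholds and sample traffic are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Illustrative rules (assumed, not the tool's rule set): a literal prefix,
# a regex for the full token shape, and a minimum entropy in bits per character.
RULES = [
    ("github_pat", "ghp_", re.compile(r"\bghp_([A-Za-z0-9]{36})\b"), 3.5),
    ("aws_access_key_id", "AKIA", re.compile(r"\bAKIA([0-9A-Z]{16})\b"), 3.0),
]


def shannon_entropy(s):
    """Shannon entropy of s in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan(text):
    """Return findings whose evidence is redacted to prefix plus mask."""
    findings = []
    for name, prefix, pattern, min_entropy in RULES:
        if prefix not in text:  # cheap prefix gate before running the regex
            continue
        for m in pattern.finditer(text):
            body = m.group(1)
            h = shannon_entropy(body)
            if h < min_entropy:  # placeholders like "aaaa..." are dropped here
                continue
            findings.append({
                "rule": name,
                "offset": m.start(),
                "entropy": round(h, 3),
                "evidence": prefix + "*" * len(body),
            })
    return findings


# Constructed sample traffic; no token here is a real credential.
SAMPLE = (
    "GET /repos?key=AKIAIOSFODNN7EXAMPLE HTTP/1.1\r\n"
    "Authorization: Bearer ghp_x9Kd2LmQ7vRt4ZpW8sYb1NcH6gJf3TaU5eXo\r\n"
    "X-Docs-Example: ghp_" + "a" * 36 + "\r\n"
)

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

The third header matches the GitHub token shape but has zero entropy, so only two findings are reported.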
Custom rules
Add your own rules in the rule editor, or import a subset of Sigma rules. Threat-intel domain reputation uses a Bloom-filter feed.
Privacy
Security Mode is opt-in with a consent dialog. Evidence is sanitized (secrets redacted) and you control retention; nothing is sent anywhere.