POC Kick Off Guide

This guide gets you up and running with Qplane's most valuable features. We'll focus on practical wins you can achieve quickly in a dev/testing environment.


What You'll Get

Immediate visibility into:

  • Every external API your backend connects to

  • Which services are talking to which vendors

  • What kind of data is being sent

  • Performance metrics and error patterns

  • Real-time traffic dashboards

Without:

  • Code changes

  • Latency impact

  • Complex configuration

  • Standing up additional infrastructure


Part 1: Your First Agent (10 minutes)

What Qplane Does

Qplane is your cloud control panel for managing lightweight agents (Qtap) that capture network traffic at the kernel level. Think of it as having X-ray vision into all your encrypted HTTPS traffic.

Deploy Your First Agent

When you create an account at app.qpoint.io, the installation wizard walks you through deploying your first agent. You'll get a registration token and installation commands for your environment.

Quick install options:

# Linux binary
curl -s https://get.qpoint.io/install | sudo sh
sudo qtap --registration-token="$YOUR_TOKEN"

# Docker
docker run --privileged --pid=host --network=host \
  -v /sys:/sys \
  us-docker.pkg.dev/qpoint-edge/public/qtap:v0 \
  tap --registration-token="$YOUR_TOKEN"

# Kubernetes (Helm)
# See installation wizard for your specific Helm commands

The agent starts capturing traffic immediately. No restarts, no configuration files.


Part 2: Understanding Your Dashboard (10 minutes)

The Overview Page

Navigate to Overview to see your traffic at a glance:

  • Vendors: External services your apps connect to

  • Clients: Internal services making requests

  • Performance: Connections per second, bytes transferred

This is your "command center" view.

The Inventory Pages

Vendors (Inventory → Vendors)

  • Every external API or service you're connecting to

  • Metrics: request counts, data transferred, error rates

  • Answers: "What third-party services are we using?"

Endpoints (Inventory → Endpoints)

  • Specific API endpoints being called

  • Example: api.stripe.com/v1/charges

  • Answers: "Which exact APIs are we hitting?"

Clients (Inventory → Clients)

  • Your internal services making requests

  • Process attribution shows which container/app is responsible

  • Answers: "Who's making this call?"

The Traffic Pages

Logs (Traffic → Logs → HTTP Requests)

  • Real-time feed of every HTTP request

  • Click any request to see headers, timing, response codes

  • Perfect for debugging

Usage (Traffic → Usage)

  • Performance metrics over time

  • P99 latency, error rates, bandwidth

  • Spot patterns and issues

Want to understand the complete architecture? See How It Fits Together to learn about data flow, YAML vs UI, and how all components connect.


Part 3: Key Features That Make Qplane Powerful (10 minutes)

1. Automatic Discovery

You don't configure what to monitor. Qplane discovers everything automatically:

  • New services your team deploys

  • Shadow IT (services added without approval)

  • Forgotten integrations still running

Try it: Deploy a new service that calls an external API. Within minutes, it appears in your Vendors list.

2. Process Attribution

Every connection shows you exactly which process/container made it. This is huge for:

  • Multi-tenant environments

  • Debugging ("which service is hammering this API?")

  • Security ("who connected to that unknown domain?")

Check it: Go to Traffic → Logs → Connections. Look at the "executable" column, then click a connection for more details about the traffic source.

3. Security Monitoring: Scanners & Sensitive Data

The Security tab provides two powerful capabilities for understanding and protecting your data flows.

Vulnerability Scanners (Rules-Based Detection)

Navigate to Security → Overview to access the scanner setup wizard. Scanners are pre-built detection rules that monitor your connections for security threats and risky patterns across six categories:

  1. Shadow IT & Egress Control: Detects unmanaged activity, direct-IP/DNS bypass, suspected C2-style behavior, backdoors, covert exfiltration

  2. Data Protection & Privacy: Catches risky handling of PII/PHI/PCI and company secrets, exposure risks, mishandling indicators

  3. AI & LLM Governance: Controls data exposure to AI systems, monitors LLM usage, new vendors/endpoints, enforces policies

  4. Third-Party & Compliance Governance: Discovers vendors, tracks cross-border transfers, produces GDPR/SOC2/PCI/data-residency evidence

  5. Authentication & Credential Security: Protects tokens and identities, detects misuse, leakage, anomalous issuance, authentication failures

  6. Transport Security & TLS Hygiene: Enforces encryption standards, identifies deprecated TLS, plaintext channels, weak baselines

Enabling scanners:

  1. Go to Security tab

  2. Click "Enable Scanners" on the Overview page

  3. Select which vulnerability categories to activate (recommend all six initially)

  4. Click "Activate" to enable the detection rules

  5. The system immediately starts monitoring for these patterns

Important: Scanners are different from alerting rules. Both work together to give you complete visibility.

Sensitive Data Plugin

This feature gives you visibility into what sensitive data is actually flowing through your connections. It answers questions like:

  • "Are we sending PII to that analytics vendor?"

  • "Which apps are exposing customer email addresses?"

  • "Is anyone accidentally sending API keys or credentials?"

How it works:

  1. Navigate to Security → Sensitive Data

  2. Click "Activate Plugin" to launch the setup wizard

  3. Select which data types to detect (20+ types available)

  4. The wizard automatically adds the "Scan Payloads & Data" plugin to your stack

  5. View results in Security → Sensitive Data dashboards

What it detects:

  • Personal Information: Names, emails, phone numbers, geographic locations, dates of birth

  • Financial Data: Credit cards, crypto addresses, IBAN codes, bank account numbers

  • Government IDs: SSNs, driver's licenses, passport numbers, ITIN numbers

  • Technical Data: IP addresses, URLs, API keys, tokens, credentials

  • Medical Data: Medical license numbers, affiliation groups

Smart scanning approach:

  • Samples first 100 requests to each URL for baseline (configurable via "Sample Baseline")

  • Then samples 10% of ongoing traffic (configurable via "Sample Rate")

  • Configurable cache size (default: 4096 URLs) and TTL (default: 24 hours)

  • For production environments, all scanning happens in your environment using Qscan's self-hosted Docker container
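
The sampling behaviour in the list above, modelled as an added example (not Qpoint's code): the class and function names, LRU eviction, and a TTL measured from first sight are assumptions, since the page gives only the defaults. It shows that cache eviction or TTL expiry puts a URL back into its baseline window, and how likely a value seen only a few times after the baseline is to go unscanned.

```python
import random
from collections import OrderedDict


class UrlSampler:
    """Illustrative model of baseline-then-rate payload sampling (hypothetical names)."""

    def __init__(self, baseline=100, rate=0.10, cache_size=4096, ttl=24 * 3600, rng=None):
        self.baseline, self.rate = baseline, rate
        self.cache_size, self.ttl = cache_size, ttl
        self.rng = rng or random.Random()
        self.seen = OrderedDict()  # url -> (requests_seen, first_seen), oldest use first

    def should_scan(self, url, now):
        """Return True if the request to `url` at time `now` (seconds) gets scanned."""
        entry = self.seen.pop(url, None)
        if entry is not None and now - entry[1] >= self.ttl:
            entry = None  # assumption: TTL runs from first sight; expiry restarts the baseline
        count, first_seen = entry if entry else (0, now)
        self.seen[url] = (count + 1, first_seen)  # re-insert as most recently used
        if len(self.seen) > self.cache_size:
            self.seen.popitem(last=False)  # assumption: LRU eviction when the cache is full
        if count < self.baseline:
            return True  # still inside the per-URL baseline window
        return self.rng.random() < self.rate  # steady state: scan a fraction of traffic


def simulate(sampler, url, n, start=0.0, step=1.0):
    """Send n requests to url, one every `step` seconds; return how many were scanned."""
    return sum(sampler.should_scan(url, start + i * step) for i in range(n))


def miss_probability(k, rate=0.10):
    """Chance that none of k post-baseline requests carrying a value is sampled."""
    return (1.0 - rate) ** k


if __name__ == "__main__":
    s = UrlSampler(rng=random.Random(7))  # constructed traffic, fixed seed
    url = "api.example.com/v1/events"  # constructed URL
    print("baseline scanned:", simulate(s, url, 100))
    print("next 1000 scanned:", simulate(s, url, 1000, start=100.0))
    for k in (1, 10, 50):
        print(f"value seen in {k} requests, missed with p={miss_probability(k):.3f}")
```

For a POC that must confirm whether a specific field ever leaves the environment, raising "Sample Rate" for the test window shrinks the miss probability this model reports.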

Why this matters for security:

  • Discovery: Find sensitive data you didn't know was being transmitted

  • Risk Assessment: See exactly what data each vendor receives

  • Compliance: Demonstrate data governance with concrete evidence for GDPR, CCPA, PCI-DSS, HIPAA

  • Alerting: Set up alerts when sensitive data goes to unexpected destinations

Example discoveries teams make:

  • Logging service accidentally capturing credit card numbers

  • Analytics vendor receiving SSNs in URL parameters

  • API keys being sent to third-party error tracking

  • Customer PII flowing to non-compliant vendors

Note for dev/testing: The default setup uses Qpoint's managed scanning service (Qscan at api-s.qpoint.io) for easy preview. For production with real customer data, you'll want to run your own Qscan container in your environment to keep sensitive data internal.

4. Zero Configuration Required

Your default setup already includes:

  • Automatic error detection (500s, 401s, 404s, timeouts)

  • Performance monitoring (latency, throughput)

  • Traffic reporting to dashboards

Everything just works out of the box.

5. Team Collaboration

Roles & Permissions (Settings → Team)

  • Invite teammates with different access levels

  • Owner, Administrator, Traffic Manager, Viewer roles

  • Security Viewer, Log Viewer for specific access needs

Views (Settings → Views)

  • Create filtered dashboards for different teams

  • Example: Payment team sees only payment-related traffic

  • Filter by container, domain, namespace, or any dimension


Common Workflows

"Show me everything calling external APIs"

  1. Go to Inventory → Vendors

  2. See the complete list with metrics

  3. Click any vendor to see which clients are connecting

"Debug slow API calls"

  1. Go to Traffic → Usage → Performance

  2. Look for high P99 latency

  3. Click through to Logs to see specific slow requests

  4. Inspect timing breakdown and response details

"Set up error alerting"

  1. Go to Alerting → Rules

  2. The default Detect Errors plugin already captures errors automatically

  3. Create alerting rules to get notified about errors:

    • Click + New Rule

    • Choose from templates (High Error Rate, Low Availability, etc.)

    • Or create custom rules using 50+ metrics

  4. Add integrations at Alerting → Webhooks (Slack, webhooks, PagerDuty)

  5. Alerts fire when your defined thresholds are exceeded

Note: The Detect Errors plugin (in your default stack) captures error details. Alerting rules (in the Alerting tab) notify you when errors occur. They work together but serve different purposes.

"Discover security risks"

Unknown vendors (Shadow IT):

  1. Go to Inventory → Vendors

  2. Look for domains you don't recognize

  3. Click through to see which apps are connecting

  4. These are your shadow IT discoveries

Sensitive data exposure:

  1. Go to Security tab

  2. Click "Enable Scanners" if not already enabled

  3. Select vulnerability categories (recommend all six)

  4. Click "Activate Plugin" on the Sensitive Data page

  5. Choose which data types to detect

  6. Wait a few minutes for scanning to begin

  7. Check Security → Sensitive Data to see results

  8. Identify PII, credentials, or financial data in transit

"Find who's using a specific service"

  1. Go to Inventory → Vendors

  2. Find the vendor (e.g., api.openai.com)

  3. Click it to see all clients connecting

  4. See which containers/processes are responsible


What's Actually Happening

Data Flow (Simplified)

  1. Qtap agent captures network traffic at kernel level

  2. Connection metadata (who, what, when, performance) goes to Qplane dashboards

  3. Request/response data can be stored in your own S3 (for dev/testing, Qpoint provides temporary storage)

What Gets Captured

Always captured:

  • Source (which process/container)

  • Destination (domain, IP, port)

  • Performance (latency, bytes, errors)

  • Timing (when connections happen)

Optionally captured:

  • HTTP headers and bodies (configurable)

Privacy & Security

  • Metadata flows to Qplane for dashboards

  • Sensitive payload data stays in your infrastructure when you configure your own storage

  • Agents run read-only (no traffic modification)

  • Near-zero latency impact on your apps (out-of-band operation)

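  • Qscan for sensitive data detection runs in your environment when you deploy the self-hosted container (the dev/testing default uses Qpoint's managed Qscan service)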


Quick Wins You Can Achieve Today

Win 1: Discover Your Attack Surface

Time: 5 minutes

Go to Inventory → Vendors. You now have a complete, real-time inventory of every external service your infrastructure connects to. Most teams discover 30-50% more vendors than they knew about.

Win 2: Identify Shadow IT

Time: 2 minutes

Look for vendors you don't recognize. Filter by "Unknown" if available. These are services your teams added without going through procurement or security review.

Win 3: Debug Production Issues Faster

Time: Next time something breaks

When an integration fails, go to Traffic → Logs, filter to that vendor, and see the exact requests, responses, and error codes. No more guessing.

Win 4: Identify Data Exposure Risks

Time: 5 minutes

Go to the Security tab and use the wizards to enable scanners and activate the sensitive data plugin. Within minutes, see what sensitive data your apps are transmitting and what security risks exist. Discover PII, credentials, or financial data you didn't know was being sent to external services.

Win 5: Set Up Proactive Alerting

Time: 5 minutes

The default error detection rules are already active. Add a Slack webhook at Alerting → Webhooks, and you'll get notified immediately when services start failing or slowing down.


Next Steps

Add More Agents

Deploy agents to other environments:

  1. Go to Settings → Installations

  2. Create new installation (e.g., "Staging", "Dev")

  3. Get the registration token

  4. Deploy agent with that token

  5. All environments visible in one dashboard

Create Custom Stacks

Stacks control how traffic is processed. For now, the default stack does everything you need. When you're ready to customize:

  1. Go to Plugins → Stacks

  2. Create stack for specific use cases (e.g., detailed capture for debugging)

  3. Route specific domains to specific stacks

Learn more: Stacks & Plugins Guide for complete plugin reference and advanced configuration

Set Up Routing Rules

Route different domains to different stacks for processing:

  1. Go to Plugins → Routing

  2. Add domain patterns

  3. Assign to stacks

  4. Example: Capture full payloads from *.yourdomain.com for debugging

Learn more: Routing Rules for advanced domain matching patterns


Key Benefits Recap

Centralized Management

  • One dashboard for all environments

  • Configuration changes propagate automatically

  • No YAML editing required

Automatic Discovery

  • No configuration needed

  • Discovers new services automatically

  • Complete visibility with zero setup

Team Collaboration

  • Role-based access control (RBAC)

  • Filtered views for different teams

  • SSO support available

Zero Friction

  • Deploy in minutes

  • No code changes

  • Near-zero latency impact (out-of-band operation)

  • No proxy or sidecar overhead

Immediate Value

  • See all external dependencies instantly

  • Debug issues faster with request details

  • Monitor performance without instrumentation

  • Alert on errors automatically

  • Identify sensitive data exposure risks


Common Questions

Q: Do I need to configure what to capture?
A: No. The agent captures everything automatically. You can add filters later if needed.

Q: Will this slow down my applications?
A: No. The agent runs out-of-band and doesn't touch your actual traffic flow. Near-zero latency impact because it observes at the kernel level after encryption/decryption happens.

Q: What happens to sensitive data?
A: In dev/testing with Qpoint Cloud storage, it's temporary and managed by Qpoint. For production, you configure your own S3-compatible object store (Settings → Deploy → Services → Object Stores) so sensitive payload data never leaves your infrastructure. Event metadata (anonymized connection info) goes to Qplane for dashboards.

Q: Can I use this in production?
A: Yes. Many teams run Qplane in production. For production, you'll want to configure your own object storage for sensitive data.

Q: How do I add more team members?
A: Settings → Team → + Invite Member. Choose their role and send invite.

Q: What if I have multiple environments?
A: Create separate installations for each environment. All visible in one dashboard with environment tags.

You're Ready

You now understand:

  • How Qplane gives you network visibility

  • How to navigate the dashboard

  • How to accomplish common tasks

  • The key features that make it powerful

Start exploring your Inventory and Traffic pages. You'll be surprised what you discover about your own infrastructure.
