silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-1.{el7,el8}.x86_64.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for a list of changes in this version.
libipa{,-devel,python}-0.5.2-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and libipa{,-devel,python}-0.5.2-3.{el6,el7,el8}.x86_64.rpm -
LibIPA is an IP address annotation system.
IPA provides a flexible and efficient repository of IP address information, tools for querying and maintaining the data, and shared libraries and modules for data access.
For more information, read the IPA documentation.
Note: this release provides no new functionality.
This package was rebuilt to change the name from ipa to libipa to address a conflict with CentOS/RHEL 8.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-2.{el6,el7,el8}.x86_64.rpm -
This release of the SiLK tools can be found in an optional repository that is now part of
cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is disabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
analysis-pipeline-5.11.3-2.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.3-2.{el7,el8}.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use silk 3.19.0.
prism-1.2-7.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and prism-1.2-7.{el7,el8}.x86_64.rpm -
The prism trend script is a tool for quickly visualizing flow data as a time-series broken down into several configurable bins by SiLK's rwfilter tool.
The script can be used directly, or might be used as a component in other more specialized scripts.
In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or sqlite) for later quick lookup.
This package was rebuilt to use silk 3.19.0.
super_mediator-1.7.1-1.{fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and super_mediator-1.7.1-1.{el7,el8}.x86_64.rpm -
Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools.
It collects and filters YAF output data to various IPFIX collecting processes and/or CSV files.
See here for a list of changes in this version.
libfwsi{,-devel,-python2,-python3}-20191025-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwsi{,-devel,-python2}-20191025-1.el6.{i686,x86_64}.rpm, libfwsi{,-devel,-python2,-python36}-20191025-1.el7.x86_64.rpm, and libfwsi{,-devel,-python2,-python36}-20191025-1.el8.x86_64.rpm -
Libfwsi is a library to access the Windows Shell Item format.
liblnk{,-devel,-python2,-python3,-tools}-20191027-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-tools}-20191027-1.el6.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-python36,-tools}-20191027-1.el7.x86_64.rpm, and liblnk{,-devel,-python2,-python36,-tools}-20191027-1.el8.x86_64.rpm -
Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format.
python{2,3}-yara-3.11.0-1.{i386,x86_64}.fc30.rpm, python2-yara-3.11.0-1.{i386,x86_64}.el6.rpm, and python{2,3}-yara-3.11.0-1.x86_64.el8.rpm -
Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
libregf{,-devel,-python2,-python3,-tools}-20191029-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libregf{,-devel,-python2,-tools}-20191029-1.el6.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-python36,-tools}-20191029-1.el7.x86_64.rpm -
Libregf contains libraries and tools to access the Windows NT Registry File format.
libscca{,-devel,-python2,-python3,-tools}-20191029-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and libscca{,-devel,-python2,-python36,-tools}-20191029-1.el7.x86_64.rpm -
Libscca is a library to access the Windows Prefetch File (SCCA) format.
pfring-7.4.0-2736.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2736.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.0.0-2011.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI, it includes ntop extensions.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.19.noarch.rpm -
Support for the following kernels was added for Fmem:
5.3.7-200 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-19.noarch.rpm -
Support for the following kernels was added for LiME:
5.3.7-200 for FC30
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.36.noarch.rpm -
Support for the following kernels was added for Fmem:
5.3.6-100 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-36.noarch.rpm -
Support for the following kernels was added for LiME:
5.3.6-100 for FC29
fmem-kernel-modules-el7-x86_64-1.6-1.58.noarch.rpm -
Support for the following kernels was added for Fmem:
3.10.0-1062.4.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-58.noarch.rpm -
Support for the following kernels was added for LiME: