libfsntfs{,-devel,-python3}-20200223-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20200223-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20200223-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20200223-1.{fc31,el8}.x86_64.rpm -
Libfsntfs contains library and tools to access the New Technology File System (NTFS).
python3-xlsxwriter-1.2.8-1.{fc26,fc27,fc28,fc29,fc30,el8}.noarch.rpm and python36-xlsxwriter-1.2.8-1.el7.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
Note that the Python 2 version is no longer provided.
python{2,3}-future-0.18.2-1.{fc31,el8}.noarch.rpm -
Python-Future is the missing compatibility layer between Python 2 and Python 3.
It allows you to use a single, clean Python 3.x-compatible codebase to support both Python 2 and Python 3 with minimal overhead.
This package was built to support the packaging of Python-PEFile
which in turn is needed to support the packaging of Volatility-community-plugins.
python3-idna-2.9-1.{fc26,fc27,fc28,el8}.noarch.rpm and python36-idna-2.10-1.el7.noarch.rpm -
IDNA provides support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891.
This is the latest version of the protocol and is sometimes referred to as "IDNA 2008".
python36-psutil-5.7.0-1.el7.x86_64.rpm -
Python-psutil is a cross-platform library for retrieving information onrunning processes and system utilization (CPU, memory, disks, network) in Python.
Note that the Python 2 version is no longer provided.
python{2,3}-requests-2.23.0-1.fc26.{i686,x86_64}.rpm and python36-requests-2.23.0-1.el7.x86_64.rpm -
Python-requests is an Apache2 Licensed HttP library, written in Python, for human beings.
Python’s standard urllib2 module provides most of the HttP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web.
It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-3.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-3.{fc31,el7,el8}.x86_64.rpm and -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for a list of changes in this version.
Note: The version of SiLK that was released on 2019-10-24 contained some bugs that were fixed in the version dated 2019-10-28.
This release contains those fixes.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-4.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-4.{fc31,el6,el7,el8}.x86_64.rpm -
This release of the SiLK tools can be found in an optional repository that is now part of
cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
Note: The version of SiLK that was released on 2019-10-24 contained some bugs that were fixed in the version dated 2019-10-28.
This release contains those fixes.
analysis-pipeline-5.11.3-3.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.3-3.{fc31,el7,el8}.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use silk 3.19.0 release 3.
prism-1.2-8.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and prism-1.2-8.{fc31,el7,el8}.x86_64.rpm -
The prism trend script is a tool for quickly visualizing flow data as a time-series broken down into several configurable bins by SiLK's rwfilter tool.
The script can be used directly, or might be used as a component in other more specialized scripts.
In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or sqlite) for later quick lookup.
This package was rebuilt to use silk 3.19.0.
super_mediator-1.7.1-2.{fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and super_mediator-1.7.1-2.{fc31,el7,el8}.x86_64.rpm -
Super_mediator
is an IPFIX mediator for use with the YAF
and SiLK tools.
It collects and filters YAF output data to various IPFIX collecting processes and/or csv files.
This package was rebuilt to use silk 3.19.0.
fmem-kernel-modules-common-1.6-1.5.noarch.rpm -
Fmem is kernel module that creates device /dev/fmem, similar to /dev/mem but without limitations.
This package contains the source code for making the FMEM kernel modules and the install-fmem script.
The changes are the following:
Fmem code up to date as of February 28, 2020 which incorporates changes for Linux 5.5 kernels.
pfring-7.6.0-2852.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-2852.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2295.{el6,el7}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc31-x86_64-1.6-1.12.noarch.rpm -
Support for the following kernels were added for Fmem:
5.5.5-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-12.noarch.rpm -
Support for the following kernels were added for LiME:
5.5.5-200 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.30.noarch.rpm -
Support for the following kernels were added for Fmem:
5.4.21-100 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-30.noarch.rpm -
Support for the following kernels were added for LiME: