LiFTeR: Changes for analysis-pipeline
- April 13, 2022: analysis-pipeline-5.11.4-1.{c33,fc34,fc35,el7,el8,el9,amzn2}.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
- April 13, 2022: analysis-pipeline-5.11.4-2.{fc33,fc34,fc35,el7,el9,amzn2}.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package is installed in the forensics-test repository.
This package was rebuilt to use libfixbuf 3.0.0.alpha1.
Please address any comments on these packages to netsa-help@cert.org.
- January 7, 2021: analysis-pipeline-5.11.3-5.{fc31,fc32,fc33,el7,el8}.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use libfixbuf 2.4.1.
- April 17, 2020: analysis-pipeline-5.11.3-4.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.3-4.{fc31,el7,el8}.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use silk 3.19.0 release 3.
- February 28, 2020: analysis-pipeline-5.11.3-3.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.3-3.{fc31,el7,el8}.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use silk 3.19.0 release 3.
- November 1, 2019: analysis-pipeline-5.11.3-2.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.3-2.{el7,el8}.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use silk 3.19.0.
- September 20, 2019: analysis-pipeline-5.11.3-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.3-1.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
See here for the list of changes.
- August 30, 2019: analysis-pipeline-5.11.2-2.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.2-2.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use libfixbuf 2.4.0.
- July 31, 2019: analysis-pipeline-5.11.2-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.2-1.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
- June 21, 2019: analysis-pipeline-5.11.1-2.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.1-2.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
Note: This release was built to add JSON alerting capabilities.
- April 19, 2019: analysis-pipeline-5.10-2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.10-2.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use libfixbuf 2.3.1.
- March 29, 2019: analysis-pipeline-5.10-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.10-1.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
See here for the list of changes.
- December 18, 2018: analysis-pipeline-5.9-3.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.9-3.el7.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
See here for the list of changes.
This package was rebuilt to use silk 3.18.0.
- December 7, 2018: analysis-pipeline-5.9-2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.9-2.el7.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
See here for the list of changes.
This package was rebuilt to use libfixbuf 2.2.0.
- July 20, 2018: analysis-pipeline-5.8-2.{fc23,fc24,fc25,fc26,fc27,fc28,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.8-2.el7.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use libfixbuf 2.1.0.
- June 1, 2018: analysis-pipeline-5.8-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.8-1.el7.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use silk 3.17.1 and libfixbuf 2.0.0.
- March 16, 2018: analysis-pipeline-5.7-2.{fc20,fc21,fc22,fc23,fc24,fc25,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.7-2.el7.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use silk 3.16.1.
- January 5, 2018: analysis-pipeline-5.7-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.7-1.el7.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
See here for the list of changes for this release.
- November 10, 2017: analysis-pipeline-5.6-4.{fc21,fc22,fc23,fc24,fc25,fc26,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.6-4.el7.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
See here for the list of changes for this release.
This package was rebuilt to use libfixbuf 1.8.0.
- June 30, 2017: analysis-pipeline-5.6-3.{fc20,fc21,fc22,fc23,fc24,fc25,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.6-3.el7.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
See here for the list of changes for this release.
This package was rebuilt to use silk 3.16.0.
- April 7, 2017: analysis-pipeline-5.6-2.{fc20,fc21,fc22,fc23,fc24,fc25,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.6-2.el7.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
See here for the list of changes for this release.
This package was rebuilt to use silk 3.15.0.
- January 15, 2017: analysis-pipeline-5.6-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.6-1.el7.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
See here for the list of changes for this release.
- December 8, 2016: analysis-pipeline-5.5-2.{fc20,fc21,fc22,fc23,fc24,fc25,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.5-2.el7.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks,
to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
This release was built using SiLK version 3.14.0.
- November 14, 2016: analysis-pipeline-5.5-1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.5-1.el7.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
See here for the changes since the last version (5.4.1).
- July 15, 2016: analysis-pipeline-5.4.1-1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.4.1-1.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
See here for the changes since the last version (5.4).
- June 10, 2016: analysis-pipeline-5.4-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.4-1.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
- April 8, 2016: analysis-pipeline-5.3.2-2.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.3.2-2.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
This version was rebuilt to use the latest version of SiLK, specifically 3.12.0.
- February 26, 2016: analysis-pipeline-5.3.2-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.3.2-1.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
See here for the changes to the Version 5 release of analysis-pipeline.
- February 12, 2016: analysis-pipeline-5.3.1-3.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.3.1-3.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
See here for the changes to the Version 5 release of analysis-pipeline.
- October 23, 2015: analysis-pipeline-4.4.1-3.{fc17,fc18,fc9,fc20,fc21,fc22,el5,el6}.{i686,x86_64}.rpm and analysis-pipeline-4.4.1-3.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
This version was rebuilt to use the latest version of SiLK, specifically 3.11.0.
- December 24, 2014: analysis-pipeline-4.4.1-2.{fc17,fc18,fc9,fc20,fc21,el5,el6}.{i686,x86_64}.rpm and analysis-pipeline-4.4.1-2.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
This version was rebuilt to use the latest version of SiLK, specifically 3.10.0-1.
- October 31, 2014: analysis-pipeline-4.4.1-1.{fc17,fc18,fc9,fc20,el5,el6}.{i686,x86_64}.rpm and analysis-pipeline-4.4.1-1.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
See here for the changes in this release.
- September 26, 2014: analysis-pipeline-4.4-2.{fc17,fc18,fc9,fc20,el5,el6}.{i686,x86_64}.rpm and analysis-pipeline-4.4-2.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
This version was rebuilt to use the latest version of SiLK, specifically 3.9.0-1.
- September 19, 2014: analysis-pipeline-4.4-1.{fc17,fc18,fc9,fc20,el5,el6}.{i686,x86_64}.rpm and analysis-pipeline-4.4-1.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
See here for the changes in this release.
- February 12, 2014: analysis-pipeline-4.3.2-2.{fc17,fc18,fc9,fc20,el5,el6}.{i686,x86_64}.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
This version was rebuilt to use the latest version of SiLK, specifically 3.8.1-1.
- January 22, 2014: analysis-pipeline-4.3.2-1.{fc17,fc18,fc9,fc20,el5,el6}.{i686,x86_64}.rpm - The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
See the release notes for a list of changes.
- July 10, 2013: analysis-pipeline-4.2-2.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
See the release notes for a list of changes since the previous version, 3.0.0.
- August 23, 2012: analysis-pipeline-3.0.0-1.{fc14,fc15,fc16,fc17,el5,el6}.{i686,x86_64}.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
The Analysis Pipeline supports many types of analysis, including:
- Watch list alerting (did we see traffic from a known bad IP?)
- Beacon detection
- Passive FTP detection
- IPv6 tunnel detection
- Thresholding (e.g., is total bytes over a limit?)
- Collection issues (is a sensor no longer reporting?)
Although the Analysis Pipeline can be run interactively, it is designed to be incorporated into the SiLK collection and packing infrastructure, where it can analyze every SiLK Flow record produced by rwflowpack as the records are being added to the SiLK data repository. When a record matches an analysis, the Analysis Pipeline may output the record in a pipe-delimited textual format. Whether a given record is output depends on how often the administrator has configured the Analysis Pipeline to issue that type of output. The administrator can easily configure a SIEM to process the output generated by the Analysis Pipeline.