analysis-pipeline - Stream analysis of SiLK records
Vendor: CERT Network Situational Awareness
The SiLK Analysis Pipeline can be added to the SiLK packing process to analyze flow records as they are collected by rwflowpack.
analysis-pipeline-5.4.1-1.fc20.src [1.6 MiB]
by Lawrence R. Rogers (2016-07-14):
* Release 5.4.1-1 List configuration can now write files with the contents of the list without sending an alert. ICMP fields are fixed. Filtering by comparing two fields works with derived fields. Other bug fixes.
analysis-pipeline-5.4-1.fc20.src [1.6 MiB]
by Lawrence R. Rogers (2016-06-03):
* Release 5.4-1 Significant memory and processing efficiency improvements. Streamlined Statistic processing. Reloading of bag files used as custom thresholds upon update.
analysis-pipeline-5.3.2-2.fc20.src [1.6 MiB]
by Lawrence R. Rogers (2016-04-07):
* Release 5.3.2-2 Rebuilt with silk-common-3.12.0.
analysis-pipeline-5.3.2-1.fc20.src [1.6 MiB]
by Lawrence R. Rogers (2016-02-17):
* Release 5.3.2-1 Pmaps are IP version agnostic. Pmaps can have both v4 and v6 addresses that can be used with SIP and SIP_V6. Small bug fixes with Ubuntu compiling and domain name processing. Unit test improvements.
analysis-pipeline-5.3.1-3.fc20.src [4.9 MiB]
by Lawrence R. Rogers (2016-01-22):
* Release 5.3.1-1
Changes for 5.3.1:
* Changed Snarf alerts when using FOREACH. Rather than a single string containing a comma-separated field list and a single string for the values, each value and field will be in parallel arrays, with values in the appropriate format.
* Small bug fixes.
Changes for 5.3.0:
* Expanded data inputs to include records from YAF (including all deep packet inspection fields), and any flat IPFIX records.
* The handling of multiple data sources at once.
* FAST FLUX primitive to detect fast flux networks from DNS records.
* Derived fields, that operate on values from the records, such as the length of a string, the second level domain from a fully qualified domain name, and pulling the day of the week from a timestamp.
* The ability to have a watchlist using any type of field, paired with having a LIST CONFIGURATION write the contents to file regardless of field type.
* A special type of watchlist for DNS that checks each part of a domain name, rather than a generic string match.
* First public release of Analysis Pipeline version 5.