libregf{,-devel,-python,-python3,-tools}-20181129-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libregf{,-devel,-python,-tools}-20181129-1.el6.{i686,x86_64}.rpm, and libregf{,-devel,-python,-python3,-tools}-20181129-1.el7.x86_64.rpm -
Libregf contains libraries and tools to access Windows NT Registry File (REGF) files.
dfvfs-20181202-1.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - dfVFS,
the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several
back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
This release is testing APFS support in plaso.
libfsapfs{,-devel,-python,-python3,-tools}-20181205-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python,-tools}-20181205-1.el6.{i686,x86_64}.rpm, and libfsapfs{,-devel,-python,-python3,-tools}-20181205-1.el7.x86_64.rpm -
libfsapfs is a library to access the Apple File System (APFS).
Note that this project currently only focuses on the analysis of the format.
libfixbuf{,-devel}-2.2.0-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - Libfixbuf
is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101).
See here for the list of changes.
pyfixbuf-0.6.0-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - Pyfixbuf
is a Python API for libfixbuf, an implementation of the
IPFIX protocol used for building, collecting, and exporting processes.
Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX.
Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another
IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.).
See this page for a list of problems fixed in this and all releases.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.17.2-5.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for a list of changes in this version.
This version was rebuilt for libfixbuf-2.2.0.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.17.2-6.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.17.2-6.{el6,el7}.x86_64.rpm -
This release of the SiLK tools can be found in an optional repository that is now part of
cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is disabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
This version was rebuilt for libfixbuf-2.1.0.
libschemaTools{,-devel}-1.3-3.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and libschemaTools{,-devel}-1.3-3.el7.x86_64.rpm -
libschemaTools is a library that provides a standard representation of data records.
It is built on fixbuf, using IPFIX information elements.
It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source.
SchemaTools removes the need for the processing application to know the details of how to retrieve data or the structure of the records.
See here for the list of changes for this release.
This package was rebuilt to use libfixbuf 2.2.0.
analysis-pipeline-5.9-2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.9-2.el7.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
See here for the list of changes.
This package was rebuilt to use libfixbuf 2.2.0.
super_mediator-1.6.0-4.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and super_mediator-1.6.0-4.el7.x86_64.rpm -
Super_mediator is an IPFIX mediator for use with the YAF
and SiLK tools.
It collects and filters YAF output data to various IPFIX collecting processes and/or CSV files.
This package was rebuilt to use libfixbuf 2.2.0.
yaf{,-devel}-2.10.0-3.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and yaf{,-devel}-2.10.0-3.el7.x86_64.rpm -
Yaf is Yet Another Flowmeter, a suite of tools for flow metering.
Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format.
It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using
pcap(3), an Endace DAG capture device,
or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX
over SCTP, TCP or
UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system.
Note that for CentOS 6 and 7 on the x86_64 architecture, yaf has been built to use PF_RING.
This package was rebuilt to use libfixbuf 2.2.0.
lime-kernel-modules-1.1.r17-15.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME.
Support for the Fedora 29 x86_64 and i386 architectures was added.
fmem-kernel-modules-1.6-1.15.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem.
Support for the Fedora 29 x86_64 and i386 architectures was added.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.5.noarch.rpm - Support for the following kernels was added for Fmem:
4.19.6-300 for FC29
4.19.5-300 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-5.noarch.rpm - Support for the following kernels was added for LiME:
4.19.6-300 for FC29
4.19.5-300 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.25.noarch.rpm - Support for the following kernels was added for Fmem:
4.19.6-200 for FC28
4.19.5-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-25.noarch.rpm - Support for the following kernels was added for LiME:
4.19.6-200 for FC28
4.19.5-200 for FC28
fmem-kernel-modules-el7-x86_64-1.6-1.47.noarch.rpm - Support for the following kernels was added for Fmem:
3.10.0-957.1.3 for EL7
3.10.0-957 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-47.noarch.rpm - Support for the following kernels was added for LiME:
3.10.0-957.1.3 for EL7
3.10.0-957 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.49.noarch.rpm - Support for the following kernel was added for Fmem:
2.6.32-754.9.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-49.noarch.rpm - Support for the following kernel was added for LiME:
2.6.32-754.9.1 for EL6
Fedora 23 - Updates to Fedora 23 for both the i686 and x86_64 CPU architectures have ceased.