silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.22.0-1.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.22.0-1.el9.{x86_64,aarch64}.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for a list of changes in this version.
analysis-pipeline-5.11.4-7.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and analysis-pipeline-5.11.4-7.el9.{x86_64,aarch64}.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt for silk 3.22.0.
super_mediator-1.9.1-3.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and super_mediator-1.9.1-3.el9.{x86_64,aarch64}.rpm -
Super_mediator
is an IPFIX mediator for use with the YAF
and SiLK tools.
It collects and filters YAF output data to various IPFIX collecting processes and/or CSV files.
See here for the list of changes.
This package was rebuilt to use silk 3.22.0.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.22.0-2.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.22.0-2.el9.{x86_64,aarch64}.rpm -
This release of the SiLK tools can be found in an optional repository that is now part of
cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is disabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.22.0-101.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.22.0-101.el9.{x86_64,aarch64}.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
These packages are installed in the forensics-test repository.
These packages were rebuilt to use libfixbuf 3.0.0.alpha2.
Please address any comments on these packages to netsa-help@cert.org.
analysis-pipeline-5.11.4-8.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and analysis-pipeline-5.11.4-8.el9.{aarch64,x86_64}.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package is installed in the forensics-test repository.
This package was rebuilt to use libfixbuf 3.0.0.alpha2 and silk 3.22.0.
Please address any comments on these packages to netsa-help@cert.org.
libcreg{,-devel,-python3,-tools}-20230923-1.{fc36,fc37,fc38,el8,amzn2}.x86_64.rpm, libcreg{,-devel,-python3,-tools}-20230923-1.el9.{x86_64,aarch64}.rpm, and libcreg{,-devel,-python36,-tools}-20230923-1.el7.x86_64.rpm -
Libcreg is a library and tools to access the Windows 9x/Me Registry File (CREG) format.
snort-3.1.71.0-1.{fc36,fc37,fc38,el8}.x86_64.rpm and snort-3.1.71.0-1.el9.{x86_64,aarch64}.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
pfring-8.7.0-8524.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.7.0.8524-dkms.noarch.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.7.0-4400.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
lime-kernel-modules-fc38-x86_64-1.9.1-15.noarch.rpm -
Support for the following kernels was added for LiME:
6.5.5-200 for FC38
6.4.15-200 for FC38
fmem-kernel-modules-fc38-x86_64-1.6-1.15.noarch.rpm -
Support for the following kernels was added for Fmem:
6.5.5-200 for FC38
6.4.15-200 for FC38
lime-kernel-modules-fc37-x86_64-1.9.1-15.noarch.rpm -
Support for the following kernels was added for LiME:
6.5.5-100 for FC37
6.4.15-100 for FC37
fmem-kernel-modules-fc37-x86_64-1.6-1.15.noarch.rpm -
Support for the following kernels was added for Fmem:
6.5.5-100 for FC37
6.4.15-100 for FC37
lime-kernel-modules-el9-{x86_64,aarch64}-1.9.1-28.noarch.rpm -
Support for the following kernels was added for LiME for both the x86_64 and aarch64 architectures:
5.14.0-368 for EL9
fmem-kernel-modules-el9-{x86_64,aarch64}-1.6-1.28.noarch.rpm -
Support for the following kernels was added for Fmem for both the x86_64 and aarch64 architectures: