applications/system

analysis-pipeline - Stream analysis of SiLK records

Website: http://tools.netsa.cert.org/analysis-pipeline5/index.html
License: GPLv2
Vendor: CERT Network Situational Awareness
Description:
The SiLK Analysis Pipeline can be added to the SiLK packing process to
analyze flow records as they are collected by rwflowpack.

Packages

analysis-pipeline-5.8-1.fc22.i686 [632 KiB] Changelog by Lawrence R. Rogers (2018-06-01):
* Release 5.8-1
	New EWMA primitive to calculate the Exponentially Weighted Moving Average and corresponding standard deviation.
	New CALCULATE STATS primitive to calculate the common statistical values such as the standard deviation, mean and count.
	Records can now be put into bins based on time windows to increase efficiency in certain situations and allow for better control of updating logic.
	FILTERS can now be put into MANIFOLDS to increase efficiency in certain situations.
	Other bug fixes.
analysis-pipeline-5.7-2.fc22.i686 [618 KiB] Changelog by Lawrence R. Rogers (2018-03-16):
* Release 5.7-2
	Rebuilt with silk-common-3.16.1.
analysis-pipeline-5.7-1.fc22.i686 [618 KiB] Changelog by Lawrence R. Rogers (2017-12-21):
* Release 5.7-1
	EVALUATIONS can be forced to wait a minimum amount of time before alerting
	STATISTICS can now have a minimum number of records before updating.
	Other bug fixes.
analysis-pipeline-5.6-4.fc22.i686 [610 KiB] Changelog by Lawrence R. Rogers (2017-11-09):
* Release 5.6-4
	Rebuilt with libfixbuf-1.8.0-1
analysis-pipeline-5.6-3.fc22.i686 [610 KiB] Changelog by Lawrence R. Rogers (2017-06-30):
* Release 5.6-3
	Rebuilt with silk-common-3.16.0.
analysis-pipeline-5.6-2.fc22.i686 [610 KiB] Changelog by Lawrence R. Rogers (2017-03-28):
* Release 5.6-2
	Rebuilt with silk-common-3.15.0.
analysis-pipeline-5.6-1.fc22.i686 [610 KiB] Changelog by Lawrence R. Rogers (2017-01-07):
* Release 5.6-1
	All fields can use a SEED file of any type
	More than one EXTRA ALERT FIELD is now allowed.
	EXTRA ALERT FIELDs can now be derived fields
	Added EXTRA AUX ALERT FIELD to add fields to auxiliary alerts
	STATISTICs can now be updated EVERY HOUR, or EVERY DAY
	STATISTICs will send one final update after processing a list of files using --name-files
	Other bug fixes
analysis-pipeline-5.5-2.fc22.i686 [607 KiB] Changelog by Lawrence R. Rogers (2016-12-02):
* Release 5.5-2
	Rebuilt with silk-common-3.14.0
analysis-pipeline-5.5-1.fc22.i686 [607 KiB] Changelog by Lawrence R. Rogers (2016-10-18):
* Release 5.5-1
	New PERSISTENCE primitive to detect a FOREACH tuple's presence for a specified number of HOURS or DAYS.
	A minimum number of records requirement can be added to primitives, either at the overall EVALUATION level, or for each value of the FOREACH field. Alerts will not be sent until the minimum number of records is seen.
	Other bug fixes.
analysis-pipeline-5.4.1-1.fc22.i686 [595 KiB] Changelog by Lawrence R. Rogers (2016-07-14):
* Release 5.4.1-1
	List configuration can now write files with the contents of the list without sending an alert.
	ICMP fields are fixed.
	Filtering by comparing two fields works with derived fields.
	Other bug fixes.
analysis-pipeline-5.4-1.fc22.i686 [594 KiB] Changelog by Lawrence R. Rogers (2016-06-03):
* Release 5.4-1
	Significant memory and processing efficiency improvements.
	Streamlined Statistic processing
	Reloading of bag files used as custom thresholds upon update.
analysis-pipeline-5.3.2-2.fc22.i686 [597 KiB] Changelog by Lawrence R. Rogers (2016-04-07):
* Release 5.3.2-2
	Rebuilt with silk-common-3.12.0
analysis-pipeline-5.3.2-1.fc22.i686 [597 KiB] Changelog by Lawrence R. Rogers (2016-02-17):
* Release 5.3.2-1
	Pmaps are IP version agnostic. Pmaps can have both v4 and v6 addresses that can be used with SIP and SIP_V6.
	Small bug fixes with Ubuntu compiling and domain name processing.
	Unit test improvements
analysis-pipeline-5.3.1-3.fc22.i686 [596 KiB] Changelog by Lawrence R. Rogers (2016-01-22):
* Release 5.3.1-1
	Changes for 5.3.1
		* Changed Snarf alerts when using FOREACH. Rather than a single string containing a comma separated field list and a single
		  string for the values, each value and field will be in parallel arrays, with values in appropriate format.

		* Small bug fixes.

	Changes for 5.3.0
		* Expanded data inputs to include records from YAF (including all deep packet inspection fields), and any flat IPFIX records.
		* The handling of multiple data sources at once.
		* FAST FLUX primitive to detect fast flux networks from DNS records
		* Derived fields, that operate on values from the records, such as the length of a string, the second level domain from a
		  fully qualified domain name, and pulling the day of the week from a timestamp.
		* The ability to have a watchlist using any type of field, paired with having a LIST CONFIGURATION write the contents
		  to file regardless of field type.
		* A special type of watchlist for DNS that checks each part of a domain name, rather than a generic string match.

		* First public release of Analysis Pipeline version 5.

Listing created by Repoview-0.6.6-4.el7