Posted to issues@metron.apache.org by "George Vetticaden (JIRA)" <ji...@apache.org> on 2016/06/01 17:22:59 UTC

[jira] [Updated] (METRON-192) Metron Platform Extension

     [ https://issues.apache.org/jira/browse/METRON-192?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

George Vetticaden updated METRON-192:
-------------------------------------
    Description: 
I envision for Metron-Forensics to be a package that utilizes Metron's PCAP capture and replay utilities to bring a new set of forensic capabilities to Metron.  I see forensics to be subdivided into the following sets of capabilities:

Passive Network Analysis (PNA)
POF: http://lcamtuf.coredump.cx/p0f3/
Passive Asset Detection System: http://passive.sourceforge.net/
NMap https://nmap.org/
Network Miner: http://www.netresec.com/?page=NetworkMiner
Tenable Passive Vulnerability Scanner http://www.tenable.com/products/passive-vulnerability-scanner

PCAP Search, Reconstruction, and Forensics:
ChaosLoader: http://chaosreader.sourceforge.net/
TCP Extract: http://tcpxtract.sourceforge.net/
TCP ICK: http://tcpick.sourceforge.net/
NSM Console: http://writequit.org/projects/nsm-console/
Moloch: https://github.com/aol/moloch
Berkeley Packet Filter: http://www.freebsd.org/cgi/man.cgi?bpf
Scapy: http://www.secdev.org/projects/scapy/
xPlico http://www.xplico.org/
Wireshark https://www.wireshark.org/
Malware Forensics:
IDA Pro: https://www.hex-rays.com/products/ida/
YARA: https://plusvic.github.io/yara/

Data Loss Prevention
OpenDLP https://code.google.com/archive/p/opendlp/
OpenNLP https://opennlp.apache.org/
Stanford NER http://nlp.stanford.edu/software/CRF-NER.shtml

Netflow
Silk: https://tools.netsa.cert.org/silk/download.html

Sandboxing:
Cuckoo Sandbox: https://www.cuckoosandbox.org/

Visualization:
Maltego https://www.paterva.com/web7/

test
* test
* test 1

  was:
I envision for Metron-Forensics to be a package that utilizes Metron's PCAP capture and replay utilities to bring a new set of forensic capabilities to Metron.  I see forensics to be subdivided into the following sets of capabilities:

Passive Network Analysis (PNA)
POF: http://lcamtuf.coredump.cx/p0f3/
Passive Asset Detection System: http://passive.sourceforge.net/
NMap https://nmap.org/
Network Miner: http://www.netresec.com/?page=NetworkMiner
Tenable Passive Vulnerability Scanner http://www.tenable.com/products/passive-vulnerability-scanner

PCAP Search, Reconstruction, and Forensics:
ChaosLoader: http://chaosreader.sourceforge.net/
TCP Extract: http://tcpxtract.sourceforge.net/
TCP ICK: http://tcpick.sourceforge.net/
NSM Console: http://writequit.org/projects/nsm-console/
Moloch: https://github.com/aol/moloch
Berkeley Packet Filter: http://www.freebsd.org/cgi/man.cgi?bpf
Scapy: http://www.secdev.org/projects/scapy/
xPlico http://www.xplico.org/
Wireshark https://www.wireshark.org/
Malware Forensics:
IDA Pro: https://www.hex-rays.com/products/ida/
YARA: https://plusvic.github.io/yara/

Data Loss Prevention
OpenDLP https://code.google.com/archive/p/opendlp/
OpenNLP https://opennlp.apache.org/
Stanford NER http://nlp.stanford.edu/software/CRF-NER.shtml

Netflow
Silk: https://tools.netsa.cert.org/silk/download.html

Sandboxing:
Cuckoo Sandbox: https://www.cuckoosandbox.org/

Visualization:
Maltego https://www.paterva.com/web7/


> Metron Platform Extension
> -------------------------
>
>                 Key: METRON-192
>                 URL: https://issues.apache.org/jira/browse/METRON-192
>             Project: Metron
>          Issue Type: Wish
>            Reporter: James Sirota
>