[ https://issues.apache.org/jira/browse/METRON-192?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Sirota updated METRON-192:
--------------------------------
    Labels: ForwardLookingEpic  (was: )

> Metron Platform Extension
> -------------------------
>
>                 Key: METRON-192
>                 URL: https://issues.apache.org/jira/browse/METRON-192
>             Project: Metron
>          Issue Type: Wish
>            Reporter: James Sirota
>              Labels: ForwardLookingEpic
>
> I envision Metron-Forensics to be a package that utilizes Metron's PCAP
> capture and replay utilities to bring a new set of forensic capabilities to
> Metron. I see forensics as subdivided into the following sets of
> capabilities:
>
> Passive Network Analysis (PNA):
> * p0f: http://lcamtuf.coredump.cx/p0f3/
> * Passive Asset Detection System: http://passive.sourceforge.net/
> * Nmap: https://nmap.org/
> * NetworkMiner: http://www.netresec.com/?page=NetworkMiner
> * Tenable Passive Vulnerability Scanner: http://www.tenable.com/products/passive-vulnerability-scanner
>
> PCAP Search, Reconstruction, and Forensics:
> * Chaosreader: http://chaosreader.sourceforge.net/
> * tcpxtract: http://tcpxtract.sourceforge.net/
> * tcpick: http://tcpick.sourceforge.net/
> * NSM Console: http://writequit.org/projects/nsm-console/
> * Moloch: https://github.com/aol/moloch
> * Berkeley Packet Filter: http://www.freebsd.org/cgi/man.cgi?bpf
> * Scapy: http://www.secdev.org/projects/scapy/
> * Xplico: http://www.xplico.org/
> * Wireshark: https://www.wireshark.org/
>
> Malware Forensics:
> * IDA Pro: https://www.hex-rays.com/products/ida/
> * YARA: https://plusvic.github.io/yara/
>
> Data Loss Prevention:
> * OpenDLP: https://code.google.com/archive/p/opendlp/
> * OpenNLP: https://opennlp.apache.org/
> * Stanford NER: http://nlp.stanford.edu/software/CRF-NER.shtml
>
> Netflow:
> * SiLK: https://tools.netsa.cert.org/silk/download.html
>
> Sandboxing:
> * Cuckoo Sandbox: https://www.cuckoosandbox.org/
>
> Visualization:
> * Maltego: https://www.paterva.com/web7/
>
> test
> * test
> * test 1

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)