vast - :crystal_ball: Visibility Across Space and Time – The network telemetry engine for data-driven security investigations

  •    C++

The network telemetry engine for data-driven security investigations. High-Throughput Ingestion: imports numerous log formats at over 100k events/second, including Zeek, Suricata, JSON, and CSV.

misp-warninglists - Warning lists to inform users of MISP about potential false-positives or other information in indicators

  •    Python

misp-warninglists are lists of well-known indicators that can be associated with potential false positives, errors or mistakes. The warning lists are integrated in MISP to display an info/warning box at the event and attribute level if such indicators are present in one of the lists. Each list can be globally enabled or disabled in MISP following the practices of the organization.

pcapFS - A FUSE module to mount captured network data

  •    C++

pcapFS is a FUSE module that allows mounting captured network data as a virtual file system. This makes it especially convenient to analyze the payload (and to some extent the metadata) of your captured network traffic. Instead of extracting the payload (i.e. copying the data to disk), pcapFS provides direct access into the PCAP files. To speed up access, an index is created when a PCAP is mounted for the first time. This takes almost the same time as opening a PCAP with Wireshark. After the index is created, it is used for all further operations. Moreover, the index can be reused to mount the PCAP at any later time, making the data available almost instantly.