James Sirota created METRON-192:
-----------------------------------

             Summary: Metron Platform Extension
                 Key: METRON-192
                 URL: https://issues.apache.org/jira/browse/METRON-192
             Project: Metron
          Issue Type: Wish
            Reporter: James Sirota
I envision Metron-Forensics to be a package that utilizes Metron's PCAP capture and replay utilities to bring a new set of forensic capabilities to Metron. I see forensics as being subdivided into the following sets of capabilities:

Passive Network Analysis (PNA):
  p0f: http://lcamtuf.coredump.cx/p0f3/
  Passive Asset Detection System: http://passive.sourceforge.net/
  Nmap: https://nmap.org/
  NetworkMiner: http://www.netresec.com/?page=NetworkMiner
  Tenable Passive Vulnerability Scanner: http://www.tenable.com/products/passive-vulnerability-scanner

PCAP Search, Reconstruction, and Forensics:
  Chaosreader: http://chaosreader.sourceforge.net/
  tcpxtract: http://tcpxtract.sourceforge.net/
  tcpick: http://tcpick.sourceforge.net/
  NSM Console: http://writequit.org/projects/nsm-console/
  Moloch: https://github.com/aol/moloch
  Berkeley Packet Filter: http://www.freebsd.org/cgi/man.cgi?bpf
  Scapy: http://www.secdev.org/projects/scapy/
  Xplico: http://www.xplico.org/
  Wireshark: https://www.wireshark.org/

Malware Forensics:
  IDA Pro: https://www.hex-rays.com/products/ida/
  YARA: https://plusvic.github.io/yara/

Data Loss Prevention:
  OpenDLP: https://code.google.com/archive/p/opendlp/
  OpenNLP: https://opennlp.apache.org/
  Stanford NER: http://nlp.stanford.edu/software/CRF-NER.shtml

Netflow:
  SiLK: https://tools.netsa.cert.org/silk/download.html

Sandboxing:
  Cuckoo Sandbox: https://www.cuckoosandbox.org/

Visualization:
  Maltego: https://www.paterva.com/web7/

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
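The "PCAP Search, Reconstruction, and Forensics" bucket above (Chaosreader, tcpxtract, tcpick, Xplico) is built on one core technique: parse the libpcap container, key each TCP segment by its 4-tuple, and reassemble payloads by sequence number so the stream can be searched or carved. The following is an added example written for this page to show that technique end to end; it is not Metron code and not the code of any tool listed in the ticket. It assumes the classic little-endian libpcap format with Ethernet/IPv4/TCP frames only, ignores checksums and IP/TCP options beyond the header-length fields, and builds its own sample capture inline (a constructed HTTP exchange, with one segment out of order and one retransmitted) so it runs offline with the standard library only. All function and variable names are this example's own.

```python
"""Minimal libpcap reader with per-flow TCP reassembly and stream search.

Added example (not Metron or Chaosreader/tcpxtract code). Assumptions:
little-endian classic pcap, LINKTYPE_ETHERNET, IPv4 + TCP only, checksums
not validated. The sample capture below is constructed inline.
"""
import struct
from collections import defaultdict

ETH_IPV4 = 0x0800
IPPROTO_TCP = 6


def ipv4_header(src, dst, payload_len, proto=IPPROTO_TCP):
    # Minimal 20-byte IPv4 header, no options; checksum left at 0 (not validated here).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))


def tcp_segment(sport, dport, seq, payload, flags=0x18):
    # 20-byte TCP header (data offset 5), PSH|ACK by default, checksum not computed.
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0) + payload


def make_frame(src, dst, sport, dport, seq, payload):
    # Ethernet II frame with zeroed MACs carrying IPv4/TCP.
    eth = b"\x00" * 12 + struct.pack("!H", ETH_IPV4)
    tcp = tcp_segment(sport, dport, seq, payload)
    return eth + ipv4_header(src, dst, len(tcp)) + tcp


def build_pcap(frames):
    # Classic libpcap: magic 0xa1b2c3d4 (little-endian), v2.4, snaplen 65535, LINKTYPE_ETHERNET=1.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):  # one record header (ts_sec, ts_usec, incl_len, orig_len) per frame
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


def iter_tcp(pcap):
    """Yield (src, sport, dst, dport, seq, payload) for every TCP packet in the capture."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic or byte order")
    off = 24  # skip the global header
    while off + 16 <= len(pcap):
        _ts, _us, incl, _orig = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETH_IPV4:
            continue  # not IPv4 (or truncated)
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4          # header length honours IP options
        total = struct.unpack_from("!H", ip, 2)[0]
        if ip[9] != IPPROTO_TCP or len(ip) < total:
            continue  # not TCP, or capture truncated the packet
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        tcp = ip[ihl:total]               # bound by IP total length, drops Ethernet padding
        sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
        doff = (tcp[12] >> 4) * 4         # TCP data offset honours TCP options
        yield src, sport, dst, dport, seq, tcp[doff:]


def reassemble(pcap):
    """Return {(src, sport, dst, dport): bytes}, payload ordered by sequence number.
    Out-of-order segments are sorted; exact and overlapping retransmissions are trimmed."""
    flows = defaultdict(dict)
    for src, sport, dst, dport, seq, payload in iter_tcp(pcap):
        if payload:
            flows[(src, sport, dst, dport)].setdefault(seq, payload)  # drop exact duplicates
    streams = {}
    for key, segs in flows.items():
        data, expected = b"", min(segs)
        for seq in sorted(segs):
            seg = segs[seq]
            if seq < expected:
                seg = seg[expected - seq:]  # overlap with data already emitted
            data += seg
            expected = max(expected, seq + len(segs[seq]))
        streams[key] = data
    return streams


def search_streams(pcap, needle):
    """PCAP search: the flows whose reassembled payload contains the byte pattern."""
    return sorted(key for key, data in reassemble(pcap).items() if needle in data)


# Constructed sample capture: an HTTP request split in two (delivered out of order,
# first half retransmitted) and its response.
REQ1 = b"GET /index.html HTTP/1.1\r\n"
REQ2 = b"Host: example.test\r\n\r\n"
RESP = b"HTTP/1.1 200 OK\r\n\r\nhello"
SAMPLE_PCAP = build_pcap([
    make_frame("10.0.0.5", "10.0.0.9", 40000, 80, 1 + len(REQ1), REQ2),  # second half arrives first
    make_frame("10.0.0.5", "10.0.0.9", 40000, 80, 1, REQ1),
    make_frame("10.0.0.5", "10.0.0.9", 40000, 80, 1, REQ1),              # retransmission
    make_frame("10.0.0.9", "10.0.0.5", 80, 40000, 1, RESP),
])

if __name__ == "__main__":
    for key, data in reassemble(SAMPLE_PCAP).items():
        print(key, data)
    print(search_streams(SAMPLE_PCAP, b"GET /"))
```

Run it as a script to see both reconstructed streams; replace `SAMPLE_PCAP` with the bytes of a real capture (`open(path, "rb").read()`) to reassemble it, bearing in mind the assumptions above (no pcapng, no VLAN tags, no IPv6, and no handling of the big-endian or nanosecond pcap magics).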