James Sirota created METRON-192:
-----------------------------------

             Summary: Metron Platform Extension
                 Key: METRON-192
                 URL: https://issues.apache.org/jira/browse/METRON-192
             Project: Metron
          Issue Type: Wish
            Reporter: James Sirota


I envision Metron-Forensics as a package that utilizes Metron's PCAP 
capture and replay utilities to bring a new set of forensic capabilities to 
Metron. I see forensics as being subdivided into the following sets of 
capabilities:

Passive Network Analysis (PNA):
p0f: http://lcamtuf.coredump.cx/p0f3/
Passive Asset Detection System: http://passive.sourceforge.net/
NMap: https://nmap.org/
Network Miner: http://www.netresec.com/?page=NetworkMiner
Tenable Passive Vulnerability Scanner: http://www.tenable.com/products/passive-vulnerability-scanner

PCAP Search, Reconstruction, and Forensics:
ChaosReader: http://chaosreader.sourceforge.net/
TCP Extract: http://tcpxtract.sourceforge.net/
tcpick: http://tcpick.sourceforge.net/
NSM Console: http://writequit.org/projects/nsm-console/
Moloch: https://github.com/aol/moloch
Berkeley Packet Filter: http://www.freebsd.org/cgi/man.cgi?bpf
Scapy: http://www.secdev.org/projects/scapy/
xPlico: http://www.xplico.org/
Wireshark: https://www.wireshark.org/

Malware Forensics:
IDA Pro: https://www.hex-rays.com/products/ida/
YARA: https://plusvic.github.io/yara/

Data Loss Prevention:
OpenDLP: https://code.google.com/archive/p/opendlp/
OpenNLP: https://opennlp.apache.org/
Stanford NER: http://nlp.stanford.edu/software/CRF-NER.shtml

Netflow:
SiLK: https://tools.netsa.cert.org/silk/download.html

Sandboxing:
Cuckoo Sandbox: https://www.cuckoosandbox.org/

Visualization:
Maltego: https://www.paterva.com/web7/


--
This message was sent by Atlassian JIRA
(v6.3.4#6332)