
Metron Platform Extension


Details

    • Type: Wish
    • Status: To Do
    • Priority: Minor
    • Resolution: Unresolved

    Description

      I envision Metron-Forensics to be a package that utilizes Metron's PCAP capture and replay utilities to bring a new set of forensic capabilities to Metron. I see forensics as subdivided into the following sets of capabilities:

      Passive Network Analysis (PNA):
      • p0f: http://lcamtuf.coredump.cx/p0f3/
      • Passive Asset Detection System: http://passive.sourceforge.net/
      • Nmap: https://nmap.org/
      • NetworkMiner: http://www.netresec.com/?page=NetworkMiner
      • Tenable Passive Vulnerability Scanner: http://www.tenable.com/products/passive-vulnerability-scanner

      PCAP Search, Reconstruction, and Forensics:
      • Chaosreader: http://chaosreader.sourceforge.net/
      • tcpxtract: http://tcpxtract.sourceforge.net/
      • tcpick: http://tcpick.sourceforge.net/
      • NSM Console: http://writequit.org/projects/nsm-console/
      • Moloch: https://github.com/aol/moloch
      • Berkeley Packet Filter: http://www.freebsd.org/cgi/man.cgi?bpf
      • Scapy: http://www.secdev.org/projects/scapy/
      • Xplico: http://www.xplico.org/
      • Wireshark: https://www.wireshark.org/

      Malware Forensics:
      • IDA Pro: https://www.hex-rays.com/products/ida/
      • YARA: https://plusvic.github.io/yara/

      Data Loss Prevention:
      • OpenDLP: https://code.google.com/archive/p/opendlp/
      • OpenNLP: https://opennlp.apache.org/
      • Stanford NER: http://nlp.stanford.edu/software/CRF-NER.shtml

      Netflow:
      • SiLK: https://tools.netsa.cert.org/silk/download.html

      Sandboxing:
      • Cuckoo Sandbox: https://www.cuckoosandbox.org/

      Visualization:
      • Maltego: https://www.paterva.com/web7/

    People

      • Assignee: Unassigned
      • Reporter: James Sirota (james.sirota)