[netsa-tools-discuss] SiLK Plugins
Mark Thomas
mthomas at cert.org
Mon Aug 17 14:28:15 EDT 2015
I think the short answer to your question is no, we do not have any
publicly-available, ready-made scripts that will use a SiLK data
repository to answer these sorts of questions.
The Analysis Pipeline
<http://tools.netsa.cert.org/analysis-pipeline/index.html> is a
separate tool that is designed to process SiLK data as it arrives
and send alerts for unusual conditions (such as receiving traffic
from an IP on a watchlist or processing data volume over a certain
limit).
You may find some analysis techniques mentioned in documents on the
SEI web site <http://resources.sei.cmu.edu/library/results.cfm>.
Unfortunately, oftentimes you will find that the technique is
mentioned but the details about how it works are not available.
I hope that helps.
-Mark
-----Original Message-----
From: Hosam Hittini <hosam.hittini at ies.etisalat.ae>
Date: Sun, 16 Aug 2015 07:40:02 +0400
To: 'Mark Thomas' <mthomas at cert.org>
Cc: <netsa-help at cert.org>, <netsa-tools-discuss at cert.org>, 'Majid Qureshi'
<mmajid at ies.etisalat.ae>
Subject: RE: [netsa-tools-discuss] SiLK Plugins
Dear Mr. Mark,
Thank you, you got what I mean.
But what I am looking for is plugins to detect spoofing, for example, or DDoS
attacks.
Are you aware of such developed plugins?
Regards,
Hosam Hittini
System Security, Security Operations Center
Etisalat
-----Original Message-----
From: Mark Thomas [mailto:mthomas at cert.org]
Sent: Tuesday, August 11, 2015 7:58 PM
To: Hosam Hittini <hosam.hittini at ies.etisalat.ae>
Cc: netsa-help at cert.org; netsa-tools-discuss at cert.org; 'Majid Qureshi'
<mmajid at ies.etisalat.ae>
Subject: Re: [netsa-tools-discuss] SiLK Plugins
A list of C plug-ins that may be used with the SiLK analysis tools is
documented at http://tools.netsa.cert.org/silk/docs.html#analysis-plugins
The silk/src/plugins directory contains some additional plug-ins for use in
the analysis tools which may serve as example code for building your own.
See the silk-plugin[1] manual page for more information on creating plug-ins
from C.
See the silkpython[2] manual page for building plug-ins from python.
There are two plug-ins that work with rwflowpack. Their source code is
under the silk/site directory, and their manual pages are
packlogic-twoway[3] and packlogic-generic[4].
If I have misunderstood what you mean by plugins, I am sorry and I ask that
you clarify what you mean.
Regards,
-Mark
[1]http://tools.netsa.cert.org/silk/silk-plugin.html
[2]http://tools.netsa.cert.org/silk/silkpython.html
[3]http://tools.netsa.cert.org/silk/packlogic-twoway.html
[4]http://tools.netsa.cert.org/silk/packlogic-generic.html
-----Original Message-----
From: Hosam Hittini <hosam.hittini at ies.etisalat.ae>
Date: Tue, 11 Aug 2015 12:29:59 +0400
To: <netsa-help at cert.org>, <netsa-tools-discuss at cert.org>
Cc: 'Majid Qureshi' <mmajid at ies.etisalat.ae>
Subject: [netsa-tools-discuss] SiLK Plugins
Hi,
I wonder if you can provide me with a list of plugins that were developed
for SiLK along with their documentation.
Thank you