@dguido Could this be accomplished with a Cuckoo sandbox?
@Tekneek Hmm, maybe some of it can be done with Cuckoo. Does Cuckoo integrate with Snort or other IDS systems?
@dguido On the wish list, it seems. Some talk that you can build an entire analysis system with StreamDB + Openpcap + capME.
@dguido Yup, Attack Research product Hermes http://attackresearch.com/?q=hermes
@dguido Also, xplico will do all the extraction bits (carve out files, DNS/http/other requests), and is built into Security Onion.
@dguido I take that back - RSA Netwitness will do what you're wanting. At least, it did 3 years ago...
@dguido Here is a Security Onion discussion of doing something similar: http://ow.ly/km53K
@dguido most of the enterprise products will let you download PCAPs, but you can't really do the equivalent of a "tcp-replay" by upload
@dguido what do you need it for? I'm writing one for identification of machines, pulling out files and working out network layouts at the mo
@dguido Certainly not as automated, but you can get much of the same info replaying PCAPs through @securityonion & querying with #ELSA