Search Results for "data analysis"

We have migrated development of Sagacity to GitHub at https://github.com/cyberperspectives/sagacity Sagacity is a vulnerability assessment and STIG compliance data management tool designed to make security testing more efficient, effective and complete. Security assessments, especially those done for DoD and Federal organizations, produce tremendous amounts of scan and compliance data that security engineers must sort through and deconflict, identify untested requirements, and somehow...

...This code demo uses a 256bit rolling hash table (8x8bytes) at its heart to mix together pre-defined parameters in a way that allows the cipher to produce encoded output that is locked to a key of arbitrary length without padding. Based upon some random data points the cipher produces encoded output that is non-deterministic in nature, the same key and message will never produce the same output each time it's run. The cipher attempts to render output that is resistant to several types of analysis although this has yet to be proven. Please note that I make no claims to this being safe. ...

OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich...

Using templated message formats with customisable placeholders, run in configurable sequences that can selectively reuse data between steps, must allows more intelligent testing of syslog receivers with realistic data, as well as longer soak testing and stress testing. must was created to fill a gap found when trying to stress test Splunk as real, indexable and meaningful data was needed. must will (eventually) be provided as a standalone tool that uses XML configs (for quick use and...

DEEEP is a open source static analysis tool to detect, in C programs, integer vulnerabilities caused by the bad adaption of aplications from ILP32 to LP64. It uses the tools Lint and Splint, and runs over Open Solaris and Linux operating systems. This tool semantically analyses source code. More precisely, it does type checking, data-flow analysis, and it automatically correlates the results of these two types of analysis.

This project contains various scripts and code snippets that can easily be deployed by an incident responder or forensic analyst to aid them in either acquiring or analyzing critical data. You can contact me at: interrupt08@users.sf.net or visit my blog, fork(), at https://forksec.wordpress.com/

Plinko was originally an experiment with Prefix Trees and log parsing. The general concept is to have a single end point you can send any data to, in a "fire and forget" fashion. Plinko should identify and parse the data completely without the sending system caring what it sent. The latest version supports named fields in the STL files for tagging data parsed in the Prefix Tree and anonymous functions for parsing dynamic message payloads. We now output JSON objects and I'm working on HBase...

Command line LOGalyze client. logalyze-cli is a powerful command line client for managing LOGalyze engine. With LOGalyze application log analyzer, you can collect your log data from any device, analyze, normalize and parse them.

The Forensics Data Identifier (FDI) is a tool which allows for large data files to be easily filtered for common forensically relevant data types.The tool was intended to speed up the ediscovery and analysis processes of the forensics investigation

Ourmon is a network monitoring and anomaly detection system and displays the data for multiple BPF expressions via RRDTOOL-based graphs. It also helps the user identify various kinds of network anomalies using various flow analysis tools and logging.

Distributed Syslog collector and viewer system with reliable Syslog msgs over tcp, and query with reg ex. using PERL. Supports IETF syslog and syslog relay, JAVA/JINI based, uses postgreSQL, JBOSS. Chain of custody raw to db data link. UTF8, D, F , UK

A lightweight (distributed?) network security monitor for TCP/IP+Ethernet LANs. It will capture certain network events and record them in a relational database. The recorded data will be available for analysis through a CGI based interface.