
SSIM and packet analysis/forensics

Created: 06 Sept. 2012 • Updated: 06 Sept. 2012 | 3 comments

Does SSIM have the ability to take info from such sources as Wireshark, Snort, NetFlow, tcpdump, etc. to do network forensics and/or digital surveillance?


Laurent_c

Well SSIM has a collector for Netflow and Snort + a few more IDS products.

Some of these product collectors also collect the data payload of the IDS signature triggered.

MegL

In addition, the "Custom User Actions" can be used in some cases. 

It depends on the capability of the products. The Snort Unified2 integration for instance provides just that: packet data for the deep analytics.
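As an added illustration of why the Unified2 integration can hand packet data to an analytics backend (example code, not from this thread or from SSIM): a Unified2 spool consists of big-endian records with a type/length header, and a record of type 2 (UNIFIED2_PACKET) embeds the raw captured frame after seven 32-bit fields. The parser below walks such a stream, pulls out the packet bytes, and stops cleanly on a truncated trailing record; the sample spool, event id, timestamps and payload are all constructed for the example.

```python
import struct

# Unified2 record type for a raw packet record (UNIFIED2_PACKET in Snort's Unified2 format).
UNIFIED2_PACKET = 2
# Record header: type and length, both 32-bit big-endian.
HEADER = struct.Struct(">II")
# Packet record body: sensor_id, event_id, event_second, packet_second,
# packet_microsecond, linktype, packet_length; the raw packet bytes follow.
PACKET_HDR = struct.Struct(">IIIIIII")


def parse_unified2(blob):
    """Walk a Unified2 byte stream and return a list of (type, body) records.

    A partial record at the end is skipped rather than raised on, because
    the spool file is still being appended to while the sensor runs."""
    records, offset = [], 0
    while offset + HEADER.size <= len(blob):
        rtype, length = HEADER.unpack_from(blob, offset)
        offset += HEADER.size
        if offset + length > len(blob):
            break  # truncated trailing record; wait for more data
        records.append((rtype, blob[offset:offset + length]))
        offset += length
    return records


def extract_packets(blob):
    """Return the raw packets carried by UNIFIED2_PACKET records."""
    packets = []
    for rtype, body in parse_unified2(blob):
        if rtype != UNIFIED2_PACKET:
            continue
        _sensor, event_id, _evt_sec, _pkt_sec, _usec, linktype, pkt_len = PACKET_HDR.unpack_from(body)
        data = body[PACKET_HDR.size:PACKET_HDR.size + pkt_len]
        packets.append({"event_id": event_id, "linktype": linktype, "packet": data})
    return packets


def build_packet_record(event_id, packet, linktype=1):
    """Constructed sample: encode one packet record the way a sensor would write it (linktype 1 = Ethernet)."""
    body = PACKET_HDR.pack(1, event_id, 1346889600, 1346889600, 0, linktype, len(packet)) + packet
    return HEADER.pack(UNIFIED2_PACKET, len(body)) + body


# Constructed sample spool: one packet record holding a dummy 14-byte Ethernet header
# plus an HTTP request line, followed by a deliberately truncated second record.
SAMPLE = build_packet_record(42, b"\x00" * 14 + b"GET / HTTP/1.1\r\n") + HEADER.pack(UNIFIED2_PACKET, 99)

if __name__ == "__main__":
    for pkt in extract_packets(SAMPLE):
        print(pkt["event_id"], pkt["linktype"], pkt["packet"][14:])
```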

Shahnawaz K

Hi MegL,

As I have the same question as bigdeal above, I want to know if we can make SSIM capture the .cap extension files from products like Wireshark or Net-mon.

Do we have any particular collector for such types of logs, or can the Generic Syslog collector help us with this?