
SSIM and packet analysis/forensics

Created: 06 Sep 2012 • Updated: 06 Sep 2012 | 3 comments

Does SSIM have the ability to take info from such sources as Wireshark, Snort, NetFlow, tcpdump, etc. to do network forensics and/or digital surveillance?


Laurent_c:

Well, SSIM has a collector for NetFlow and Snort, plus a few more IDS products.

Some of these product collectors also collect the data payload of the IDS signature triggered.

MegL:

In addition, the "Custom User Actions" can be used in some cases.

It depends on the capability of the products. The Snort Unified2 integration, for instance, provides just that: packet data for the deep analytics.

Shahnawaz K:

Hi MegL,

As I have the same question as bigdeal above, I want to know if we can make SSIM capture the .cap extension file from products like Wireshark or Net-mon.

Do we have any particular collector for such type of logs, or can the Generic Syslog collector help us with this?