cmusei.silk
SiLK
SiLK stands for System for Internet-Level Knowledge. It is a set of tools created by the CERT Network Situational Awareness Team. These tools help in analyzing network traffic for security purposes, especially in large networks. SiLK makes it easier for network security analysts to gather, store, and examine network flow data, allowing them to quickly search through large amounts of historical traffic data. It works best for monitoring traffic in large organizations or mid-sized Internet Service Providers (ISPs).
A SiLK setup includes two main parts: a packing system and an analysis suite. The packing system collects data from formats like IPFIX, NetFlow v9, or NetFlow v5, and compresses this data into a more efficient format. It saves the compressed data into special binary files. The analysis suite's tools read these files and allow users to perform various queries, such as filtering individual records or doing statistical analyses on groups of records. These tools can work together using pipes, so users can build more complex queries starting from simple ones.
Role Variables
Here are some key variables with their default values (for more details, check defaults/main.yml):
- silk_version: The version of SiLK to install. The current master branch always points to the latest version.
- netsa_url: "http://tools.netsa.cert.org/releases/"
- silk_name: "silk-{{ silk_version }}"
- silk_tgz: "{{ silk_name }}.tar.gz"
- silk_url: "{{ netsa_url }}{{ silk_tgz }}"
- silk_timeout: 10
- silk_checksums: A list of version checksums for verification.
- silk_checksum: The checksum for the specific version of SiLK.
These helper variables help in downloading the SiLK release from the CERT NetSA tools site.
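As an added illustration (not the role's own code), the Python below shows how the helper variables above compose into the download URL, and how a pinned checksum rejects an archive whose bytes differ from the expected release. The version string, the use of SHA-256, and the hex encoding of the checksum are assumptions; the sample archive bytes are constructed.

```python
import hashlib
import hmac
import re
from typing import Dict

# Role defaults as listed on this page. The version is a placeholder only;
# the real default tracks the latest SiLK release.
ROLE_DEFAULTS: Dict[str, str] = {
    "silk_version": "X.Y.Z",  # placeholder, not a real release number
    "netsa_url": "http://tools.netsa.cert.org/releases/",
    "silk_name": "silk-{{ silk_version }}",
    "silk_tgz": "{{ silk_name }}.tar.gz",
    "silk_url": "{{ netsa_url }}{{ silk_tgz }}",
}

_REF = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def resolve(name: str, variables: Dict[str, str]) -> str:
    """Expand {{ var }} references recursively, mirroring how Ansible
    renders one default in terms of another (simplified Jinja subset)."""
    value = variables[name]
    while True:
        m = _REF.search(value)
        if not m:
            return value
        value = value[: m.start()] + resolve(m.group(1), variables) + value[m.end():]


def sha256_hex(data: bytes) -> str:
    """Hex digest of the archive bytes; stands in for the silk_checksum value."""
    return hashlib.sha256(data).hexdigest()


def verify_tarball(data: bytes, expected_sha256: str) -> bool:
    """True only if the downloaded bytes match the pinned checksum.
    A mismatch means the archive must not be unpacked or installed."""
    actual = sha256_hex(data)
    return hmac.compare_digest(actual, expected_sha256.strip().lower())


# Constructed sample: stands in for the bytes fetched from silk_url.
SAMPLE_ARCHIVE = b"constructed sample archive bytes, not a real SiLK tarball"
PINNED_CHECKSUM = sha256_hex(SAMPLE_ARCHIVE)  # what silk_checksum would hold

if __name__ == "__main__":
    print("download URL:", resolve("silk_url", ROLE_DEFAULTS))
    print("genuine archive accepted:", verify_tarball(SAMPLE_ARCHIVE, PINNED_CHECKSUM))
    print("altered archive accepted:", verify_tarball(SAMPLE_ARCHIVE + b"\x00", PINNED_CHECKSUM))
```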
Dependencies
- cmusei.fixbuf
Example Playbook
- hosts: servers
  roles:
    - role: cmusei.silk
      tags: ['silk']
License
Copyright 2020 Carnegie Mellon University.
This material is provided "as-is" without any guarantees or warranties. Carnegie Mellon University does not guarantee fitness for any purpose, nor does it ensure freedom from patent, trademark, or copyright issues. This software is released under an MIT-style license; check license.txt or contact permission@sei.cmu.edu for full terms.
This material is approved for public release and can be distributed without limitations. See the copyright notice for restrictions on use by non-US Government agencies. CERT® is registered by Carnegie Mellon University.
This software uses third-party software that has its own license:
- ansible (Copyright 2019 Red Hat, Inc.)
- molecule (Copyright 2018 Red Hat, Inc.)
- testinfra (Copyright 2020 Philippe Pepiot.)
Author Information
This role was created in 2019 by Matt Heckathorn.
A role to install and configure the SiLK analysis and collection tools
ansible-galaxy install cmusei.silk