Analysis Pipeline Release 4.5.1, 2016-May-6

Downloads

(MD5=979a98ca611c83a99fb66e71820c8e4a)

(SHA1=49dc5ea801248e2da37f2ae7a7dd140cf72f653e)

(SHA256=8abe2a14bc222fdf08657098982401e5f0407946f919c2c9f25f90586897cbaf)

(RIPEMD160=14b471779ae79db8a047b364f6e9fa512fd7f2bf)

Notes

  • Bug fixes that replace version 4.5.

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library.

Analysis Pipeline Release 4.5, 2016-Apr-29

Downloads

(MD5=1688146704576322812ab839b749d9b1)

(SHA1=2512d868c3dc0346fed9c8fa8f606f889c063e7f)

(SHA256=3b217b01e51db727b1f5f18b4a146469d2eb9113cacef98c07e2fb63f01bac4a)

(RIPEMD160=1199c34d40bc0e572a2836392563322aa5093c4b)

Notes

  • Memory and processing efficiency improvements.
  • SiLK flags format now accepted for flags fields.
  • Added derived fields for timestamps for the flow key hash.
  • Watchlists and bracketed list files accepted for all fields.
  • Bags can be used for custom thresholds.

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library.

Analysis Pipeline Release 4.4.1, 2014-Oct-28

Downloads

(MD5=1643d5bd8d35a9f3da4eb6e7da46c6f5)

(SHA1=9a78ef77fba2299bfb42fdf1f56a85332092b63b)

(SHA256=7f330f3260f4950bc1ff842dbf53a7f55e74948420752e0bca2ee2a4cb657019)

(RIPEMD160=c19ea350800916ac4024148df10fe24941a3ee5b)

Notes

  • Pmap files are now reloaded when updated, similar to IPSet files
  • Bug fix with reloading IPSet files

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library.

Analysis Pipeline Release 4.4, 2014-Sep-12

Downloads

(MD5=009ab45d1162a93502797d6df09979e8)

(SHA1=220ae8ea378afe88768dddf00771012f2078e845)

(SHA256=954f8ac6b64a96b35e632485dd39c01d83384a42cd1d2af581ef798d115bd10e)

(RIPEMD160=d03eb28bb3aa453aa33399f3fcd4441205b0d211)

Notes

  • Pmaps can be used for processing data
  • List bundles added, which alert if a value is in all lists in bundle
  • Filters can now use a bracketed list of tuples.
  • ANY IP/PORT can be used in FOREACH to build state for both

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library.

Analysis Pipeline Release 4.3.2, 2013-Dec-30

Downloads

(MD5=a34f4001b4ff46ce432ed0917826f43f)

(SHA1=54077c4669a446e8d3698b19ac2b6613e9cbd71c)

(SHA256=015a6e8e0e6b34f2efbfe043239c8153a2385dd527918131610d8e7bd1588d17)

(RIPEMD160=528922478fb57d7e16e45fff2c200b177f221637)

Notes

  • Small bug fixes

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library.

Analysis Pipeline Release 4.3.1, 2013-Dec-20

Downloads

(MD5=0c85455161c94b65cf843bb62bf93a4f)

(SHA1=d234bd4e26fe6e5aaad9f967d803f59e899066d9)

(SHA256=7758ebc19afd839b661b3818c2655c22171b354fb42ba03a51e8a86bc44ff3e7)

(RIPEMD160=56544a8a619f0881d52016f6a82f3d5a8f9d0552)

Notes

  • CLEAR NEVER or CLEAR ALWAYS must now be specified in evals
  • Efficiency improvements

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library.

Analysis Pipeline Release 4.3, 2013-Dec-17

Downloads

(MD5=01bad10769b772b4eaa004a8d7ae7cdf)

(SHA1=eb864ba1f4480e2eeadd5f2bf6d5f28eb0c2cb35)

(SHA256=c564fbde7b74c803d308435d9f8640b21baff5adc8df9215034466deb7967f88)

(RIPEMD160=ad083ddeba804f409310282614c75a81579f7e84)

Notes

  • Lists made by INTERNAL FILTERs can be seeded by an IPSet file.
  • Lists made by INTERNAL FILTERs can drop IPSet files on update.
  • Efficiency improvements
  • Small bug fixes

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library.

Analysis Pipeline Release 4.2, 2013-Feb-15

Downloads

(MD5=af1b2d0f0f6c585f2f1496d7a2e1eae2)

(SHA1=501fe2cbbb495a963a3d4bafc47cb0a4adde94b0)

(SHA256=bae06d32dc7feb701401b7fc0ad943640938563d355724c5dd4abb60b7233264)

(RIPEMD160=1551fa5f0041b625171c0cd6b7f95a4a10e83ea9)

Notes

  • Added a new primitive for statistics: DIFFERENCE DISTRIBUTION
  • Updated available fields for the iterative comparison
  • Statistics can now have a forever duration
  • Added a BYTES_PER_PACKET field

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library.

Analysis Pipeline Release 4.1, 2013-Jan-4

Downloads

(MD5=8c5f8621d6d3c2d5eabe95aa53fdbdbd)

(SHA1=eca0c74e098cda188c122d874adcbc61172597e7)

(SHA256=5ab91cb42c64e2cd81091968982e52c1692154e149c76d532b9e0e8f1de16a73)

(RIPEMD160=3b83eca84a733eb9e2d7caf684b36e43ab3fd2dd)

Notes

  • Lists created by internal filters can now send alerts
  • Removed the need for underscores in the config file
  • Can now alert when an output is removed by an evaluation
  • When pipeline runs out of memory, the alert contains the memory used
  • Evaluations that hit output threshold can be shut down temporarily

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library

Analysis Pipeline Release 4.0.1, 2011-Oct-4

Downloads

(MD5=09709823f806748432b365121dcb9ae8)

(SHA1=f05911624e981f42f41a387fb716ebf9175ca3ec)

(SHA256=c252571bde3a83cf117fdc58be89de7b0e14ddd92cdb0293d540d0427a2ed223)

(RIPEMD160=4fda72098583c3e0c936cff1bacd1b3b4fb056cc)

Notes

  • Notable jump in features, flexibility, and improved internals from version 3.0.0
  • Cleaner configuration language. Can just give the filename of an IPSet in the filter rather than using a list structure.
  • Uses field lists to build tuples, rather than having them hard-coded as in v3
  • Added a way to configure lists to manage their counts and send alerts periodically on their own
  • Can have multiple output lists for evaluations using FOREACH. Simpler language to define them.
  • Created a mechanism to allow multiple filters to provide flows for an evaluation.

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library

Analysis Pipeline Release 3.0.0, 2010-Sep-28

Downloads

(MD5=6cdb8566072b1ff210ee5ebeb30668f4)

(SHA1=564d020c917b565e9ac49b8c155988872446275a)

(SHA256=d94dc1760842725a519662932111709dd207b312191b90286668d886f33a9fc4)

(RIPEMD160=66443bf455069550d53d9b8cfe8b132b59c3fb62)

Notes

  • Initial public release

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later