Analysis Pipeline Release 4.5.1, 2016-May-6

Downloads

(MD5=979a98ca611c83a99fb66e71820c8e4a)

(SHA1=49dc5ea801248e2da37f2ae7a7dd140cf72f653e)

(SHA256=8abe2a14bc222fdf08657098982401e5f0407946f919c2c9f25f90586897cbaf)

(RIPEMD160=14b471779ae79db8a047b364f6e9fa512fd7f2bf)

Notes

  • Bug fixes that replace version 4.5.

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library.

Analysis Pipeline Release 4.5, 2016-Apr-29

Downloads

(MD5=1688146704576322812ab839b749d9b1)

(SHA1=2512d868c3dc0346fed9c8fa8f606f889c063e7f)

(SHA256=3b217b01e51db727b1f5f18b4a146469d2eb9113cacef98c07e2fb63f01bac4a)

(RIPEMD160=1199c34d40bc0e572a2836392563322aa5093c4b)

Notes

  • Memory and processing efficiency improvements.
  • SiLK flags format now accepted for flags fields.
  • Added derived fields for timestamps for the flow key hash.
  • Watchlists and bracketed list files accepted for all fields.
  • Bags can be used for custom thresholds.

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library.

Analysis Pipeline Release 4.4.1, 2014-Oct-28

Downloads

(MD5=1643d5bd8d35a9f3da4eb6e7da46c6f5)

(SHA1=9a78ef77fba2299bfb42fdf1f56a85332092b63b)

(SHA256=)

(RIPEMD160=)

Notes

  • Pmap files are now reloaded when updated, similar to IPSet files
  • Bug fix with reloading IPSet files

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library.

Analysis Pipeline Release 4.4, 2014-Sep-12

Downloads

(MD5=009ab45d1162a93502797d6df09979e8)

(SHA1=220ae8ea378afe88768dddf00771012f2078e845)

(SHA256=)

(RIPEMD160=)

Notes

  • Pmaps can be used for processing data
  • List bundles added, which alert if a value is in all lists in bundle
  • Filters can now use a bracketed list of tuples.
  • ANY IP/PORT can be used in FOREACH to build state for both

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library.

Analysis Pipeline Release 4.3.2, 2013-Dec-30

Downloads

(MD5=a34f4001b4ff46ce432ed0917826f43f)

(SHA1=54077c4669a446e8d3698b19ac2b6613e9cbd71c)

(SHA256=)

(RIPEMD160=)

Notes

  • Small bug fixes

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library.

Analysis Pipeline Release 4.3.1, 2013-Dec-20

Downloads

(MD5=0c85455161c94b65cf843bb62bf93a4f)

(SHA1=d234bd4e26fe6e5aaad9f967d803f59e899066d9)

(SHA256=)

(RIPEMD160=)

Notes

  • CLEAR NEVER or CLEAR ALWAYS must now be specified in evals
  • Efficiency improvements

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library.

Analysis Pipeline Release 4.3, 2013-Dec-17

Downloads

(MD5=01bad10769b772b4eaa004a8d7ae7cdf)

(SHA1=eb864ba1f4480e2eeadd5f2bf6d5f28eb0c2cb35)

(SHA256=)

(RIPEMD160=)

Notes

  • Lists made by INTERNAL FILTERs can be seeded by an IPSet file.
  • Lists made by INTERNAL FILTERs can drop IPSet files on update.
  • Efficiency improvements
  • Small bug fixes

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library.

Analysis Pipeline Release 4.2, 2013-Feb-15

Downloads

(MD5=af1b2d0f0f6c585f2f1496d7a2e1eae2)

(SHA1=501fe2cbbb495a963a3d4bafc47cb0a4adde94b0)

(SHA256=)

(RIPEMD160=)

Notes

  • Added a new primitive for statistics: DIFFERENCE DISTRIBUTION
  • Updated available fields for the iterative comparison
  • Statistics can now have a forever duration
  • Added a BYTES_PER_PACKET field

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library.

Analysis Pipeline Release 4.1, 2013-Jan-4

Downloads

(MD5=8c5f8621d6d3c2d5eabe95aa53fdbdbd)

(SHA1=eca0c74e098cda188c122d874adcbc61172597e7)

(SHA256=)

(RIPEMD160=)

Notes

  • Lists created by internal filters can now send alerts
  • Removed the need for underscores in the config file
  • Can now alert when an output is removed by an evaluation
  • When pipeline runs out of memory, the alert contains the memory used
  • Evaluations that hit output threshold can be shut down temporarily

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library

Analysis Pipeline Release 4.0.1, 2011-Oct-4

Downloads

(MD5=09709823f806748432b365121dcb9ae8)

(SHA1=f05911624e981f42f41a387fb716ebf9175ca3ec)

(SHA256=)

(RIPEMD160=)

Notes

  • Notable jump in features, flexibility, and improved internals from version 3.0.0
  • Cleaner configuration language. Can just give the filename of an IPSet in the filter rather than using a list structure.
  • Uses field lists to build tuples, rather than having them hard-coded as in v3
  • Added a way to configure lists to manage their counts and send alerts periodically on their own
  • Can have multiple output lists for evaluations using FOREACH. Simpler language to define them.
  • Created a mechanism to allow multiple filters to provide flows for an evaluation.

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later
  • Snarf — Recommended: Analysis Pipeline can interact with the snarf alerting library

Analysis Pipeline Release 3.0.0, 2010-Sep-28

Downloads

(MD5=6cdb8566072b1ff210ee5ebeb30668f4)

(SHA1=564d020c917b565e9ac49b8c155988872446275a)

(SHA256=)

(RIPEMD160=)

Notes

  • Initial public release

Dependencies

  • SiLK — Analysis Pipeline requires SiLK 2.1 or later