Super Mediator is a data transformation tool that acts as an intermediary between tools that produce IPFIX output (such as YAF) and tools that take IPFIX as input. It can aggregate, filter, and modify IPFIX records, and it can convert IPFIX records to JSON or to delimited text (such as CSV) for importing into a spreadsheet or relational database.
Super Mediator acts as the data transformation infrastructure for the CERT NetSA Security Suite. It takes in data from YAF and transforms it into formats that can be fed into SiLK, Mothra, and Analysis Pipeline. Super Mediator collects and processes YAF output (via TCP, UDP, or IPFIX files) and exports that data as one or more streams of IPFIX, JSON, or CSV text format. The IPFIX may be processed by IPFIX collectors such as rwflowpack, flowcap, Mothra, pipeline, or another instance of Super Mediator. The JSON or text may be bulk uploaded to a database.
Super Mediator can import data from and export data to a variety of analysis and alerting tools in addition to the CERT NetSA Security Suite.