
Normally SiLK flow records are stamped with a class and type as they are packed into the repository. However, if you are importing raw packet data, or need to correct records that were inadvertently given the wrong class/type, that is easy to fix with pySiLK.

The example below sets the class to "all" and assigns a type of in, inweb, out or outweb to each record in an input file. The direction (in or out) is defined by an ipset that represents the internal network (traffic that neither comes from nor goes to the internal network is discarded in this example). Web/non-web flows are separated based on port.
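The script the page refers to is not reproduced here, so the following is an added example (not the wiki's own code) that implements the same relabeling rule. The decision logic is kept in a plain function that only needs an object with `sip`, `dip`, `sport`, `dport` and `protocol` attributes and a container that answers `in` for addresses; the pySiLK driver at the bottom feeds it real `RWRec` objects and an `IPSet`. The web port list (80, 443, 8080, TCP only), the file names and the `InternalNet` helper are assumptions; the driver relies on the documented pySiLK names `silkfile_open`, `READ`, `WRITE`, `IPSet.load` and the settable `RWRec.classtype` tuple, and setting `classtype` requires a loadable `silk.conf` that defines the class "all" with those four types.

```python
import ipaddress
from collections import namedtuple

# Assumed port list: TCP flows with either port in this set are treated as web.
WEB_PORTS = {80, 443, 8080}
TCP = 6


class InternalNet:
    """Stand-in for a SiLK IPSet: answers `addr in net` for plain strings.

    Used only so the classification logic can be exercised without pySiLK;
    in the real driver a silk.IPSet plays this role.
    """

    def __init__(self, cidrs):
        self.nets = [ipaddress.ip_network(c) for c in cidrs]

    def __contains__(self, addr):
        ip = ipaddress.ip_address(str(addr))
        return any(ip in n for n in self.nets)


def classify(rec, internal):
    """Return the SiLK type ("in", "inweb", "out", "outweb") for one flow,
    or None when the flow should be discarded.

    Direction: a flow is "out" if its source is internal and its destination
    is not, "in" for the reverse. Flows that are internal-to-internal or
    external-to-external are discarded, as the page's example does.
    Web: TCP with either endpoint on an assumed web port.
    """
    src_internal = rec.sip in internal
    dst_internal = rec.dip in internal
    if src_internal == dst_internal:
        return None  # neither or both sides internal: no direction, discard
    direction = "out" if src_internal else "in"
    is_web = rec.protocol == TCP and (rec.sport in WEB_PORTS or rec.dport in WEB_PORTS)
    return direction + ("web" if is_web else "")


def relabel(records, internal):
    """Yield (record, ("all", type)) pairs for the records that are kept."""
    for rec in records:
        t = classify(rec, internal)
        if t is not None:
            yield rec, ("all", t)


# Minimal record shape for offline use; a pySiLK RWRec has the same attributes.
Flow = namedtuple("Flow", "sip dip sport dport protocol")


def relabel_file(in_path, out_path, internal_set_path):
    """pySiLK driver (assumed file names): rewrite in_path to out_path with
    class "all" and a direction/web type, dropping flows with no direction."""
    import silk  # imported here so classify()/relabel() work without pySiLK

    internal = silk.IPSet.load(internal_set_path)
    infile = silk.silkfile_open(in_path, silk.READ)
    outfile = silk.silkfile_open(out_path, silk.WRITE)
    kept = 0
    for rec, classtype in relabel(infile, internal):
        rec.classtype = classtype  # tuple (class, type); needs silk.conf loaded
        outfile.write(rec)
        kept += 1
    outfile.close()
    infile.close()
    return kept


if __name__ == "__main__":
    # Constructed sample: 10.0.0.0/8 is the internal network.
    net = InternalNet(["10.0.0.0/8"])
    for f in [Flow("10.1.2.3", "198.51.100.7", 51234, 443, 6),
              Flow("198.51.100.7", "10.1.2.3", 443, 51234, 6),
              Flow("10.1.2.3", "10.9.9.9", 22, 40000, 6)]:
        print(f, classify(f, net))
```

Running it on a real repository file would be `relabel_file("raw.rw", "relabeled.rw", "internal.set")`; the function returns the number of records written, so a quick sanity check is to compare that count against `rwfilter --pass-destination` on the same input.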
