What is Super Mediator?

Super Mediator is a data transformation tool that acts as an intermediary between tools that produce IPFIX output (such as YAF) and tools that take IPFIX as input. It can aggregate, filter, and modify IPFIX records, and it can convert IPFIX records to JSON or to delimited text (such as CSV) for importing into a spreadsheet or relational database.

Super Mediator's Role in the CERT NetSA Security Suite

Super Mediator acts as the data transformation infrastructure for the CERT NetSA Security Suite. It takes in data from YAF and transforms it into formats that can be fed into SiLK, Mothra, and Analysis Pipeline. Super Mediator collects and processes YAF output (via TCP, UDP, or IPFIX files) and exports that data as one or more streams of IPFIX, JSON, or CSV text format. The IPFIX may be processed by IPFIX collectors such as rwflowpack, flowcap, Mothra, pipeline, or another instance of Super Mediator. The JSON or text may be bulk uploaded to a database.

YAF and super_mediator run on hundreds of sensors and send IPFIX data to Analysis Pipeline, Mothra, and SiLK. A network security analyst receives streaming alerts from Pipeline and queries the Mothra and SiLK repositories.

Recommended Uses for Super Mediator

Super Mediator can import data from and export data to a variety of analysis and alerting tools in addition to the CERT NetSA Security Suite.