By Angela Horneman on April 8, 2016 4:00 PM
One of my responsibilities on the Situational Awareness Analysis team is to create analytics for various purposes. For the past few weeks, I've been working on some anomaly detection analytics for hunting in the network flow traffic of common network...
By Angela Horneman on June 19, 2015 3:07 PM
In my last post, I presented how to create a YAF application label signature rule that corresponds to a text-based Snort-type rule. In this post, I discuss methods for using Analysis Pipeline to provide context to those signatures. The context...
By Angela Horneman on June 12, 2015 3:03 PM
Ever want to use a Snort-like rule with SiLK or Analysis Pipeline to find text within packets? Timur Snoke and I were recently discussing how we could do this and realized that while neither SiLK nor Analysis Pipeline themselves do...
By Angela Horneman on March 20, 2015 3:00 PM
Hi. This is Angela Horneman of the SEI's Situational Awareness team. I've generated service-specific network flows to use as baseline examples for network analysis and am sharing them since others may find them helpful. We have been looking at...
By Angela Horneman on October 16, 2014 2:59 PM
Hi, this is Angela Horneman from the CERT Situational Awareness Analysis team. Recently, Nathan Dell and I were asked to explore ways to improve network traffic data storage by determining what data to store to meet organizational needs. Our research,...