Blog Posts
Choosing the History for a Profile in Simple Network Flow Anomaly Detection
One of my responsibilities on the Situational Awareness Analysis team is to create analytics for various purposes....
• By Angela Horneman
In CERT/CC Vulnerabilities
YAF App Label Signature Context with Analysis Pipeline
In my last post, I presented how to create a YAF application label signature rule that corresponds to a text-based Snort-type rule....
• By Angela Horneman
In CERT/CC Vulnerabilities
Making YAF App Labels from Text-Based Snort Rules
Ever want to use a Snort-like rule with SiLK or Analysis Pipeline to find text within packets? Timur Snoke and I were recently discussing how we could do this and …
• By Angela Horneman, Timur Snoke
In CERT/CC Vulnerabilities
Baseline Network Flow Examples
Hi. This is Angela Horneman of the SEI's Situational Awareness team. I've generated service-specific network flows to use as baseline examples for network analysis and am sharing them since …
• By Angela Horneman
In CERT/CC Vulnerabilities
Smart Collection and Storage Method for Network Traffic Data
Hi, this is Angela Horneman from the CERT Situational Awareness Analysis team. Recently, Nathan Dell and I were asked to explore ways to improve network traffic data storage....
• By Angela Horneman
In CERT/CC Vulnerabilities
Investigating Advanced Persistent Threat 1
Hi, this is Deana Shick and Angela Horneman from the Threat Analysis and Situational Awareness teams....
• By Deana Shick, Angela Horneman
In CERT/CC Vulnerabilities
Working with the Internet Census 2012
It's not every day that 9.6 terabytes of data is released into the public domain for further research. The Internet Census 2012 project scanned the entire IPv4 address space using …