New SiLK Handbook Addresses Analyst Tradecraft
• Article
November 13, 2018—The SEI CERT Division’s Situational Awareness Group has released an updated edition of Network Traffic Analysis with SiLK. The new edition of this handbook complements an update (3.17.0) to the System for Internet-Level Knowledge (SiLK) traffic analysis suite released earlier this year.
“The new SiLK handbook has been revised to make it more analyst-focused and teach not only the toolset but also the tradecraft around using SiLK,” said project lead and co-author Geoffrey Sanders. “This edition is written from the perspective of the network traffic analyst, and it’s organized according to workflows that analysts can use when investigating network activity and anomalies.”
In reworking the handbook from the analyst’s perspective, the CERT authors considered feedback from the SiLK user community, including representatives from U.S. government departments, agencies, and the commercial sector. This input informed the authors’ handling of topics such as single- and multi-path analysis, advanced exploratory analysis, and large data sets.
The handbook also has something to offer analysts interested in examining network flow records with tools other than SiLK. “The overall description of the analysis methods we detail in the handbook include approaches that parallel what analysts find using the tool suite of their choice,” said Sanders.
For a detailed description of the new edition of Network Traffic Analysis with SiLK, see Geoffrey Sanders’ SEI Blog post An Analyst-Focused Approach to Network Traffic Analysis.
To download the latest Open Source version of SiLK, visit http://tools.netsa.cert.org/silk/download.html.
To download binary packages of SiLK tools see https://forensics.cert.org/repository/.