![]() ![]() ![]() ![]() Folder data/formatted_reports has 3 files.Download source Zip file or checkout the code.Extends native Wireshark filter functionality to allow filtering based severity, source, asset type & CVE information for each source or destination IP address in network logs.Loads exported vulnerability scan information exported from Qualys/Nessus map IP to CVEs.filter for ‘Database Server’, ‘Employee Laptop’ etc) Loads asset classification information based on IP-Range to Asset Type mapping which enables filtering incoming/outgoing traffic from a specific type of assets (e.g.Loads malicious Indicators CSV exported from Threat Intelligence Platforms like MISP and associates it with each source/destination IP from network traffic.This toolkit provides the following functionality It works with both PCAP files and real-time traffic captures. It does it by extending Wireshark native search filter functionality to allow filtering based on these additional contextual attributes. Wireshark Forensics Toolkit is a cross-platform Wireshark plugin that correlates network traffic data with threat intelligence, asset categorization & vulnerability data to speed up network forensic analysis. For a typical analyst, who has to comb through GBs of PCAP files to identify malicious activity, it's like finding a needle in a haystack. Even though Wireshark provides incredibly powerful functionalities for protocol parsing & filtering, it does not provide any contextual information about network endpoints. It is an important tool for both live traffic analysis & forensic analysis for forensic/malware analysts. Wireshark is the most widely used network traffic analyzer. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |