analysis-pipeline - Stream analysis of SiLK records

Property Value
Distribution CentOS 6
Repository CERT Forensics Tools i386
Package filename analysis-pipeline-5.6-1.el6.i686.rpm
Package name analysis-pipeline
Package version 5.6
Package release 1.el6
Package architecture i686
Package type rpm
Category Applications/System
License GPLv2
Maintainer -
Download size 605.32 KB
Installed size 1.25 MB
The SiLK Analysis Pipeline can be added to the SiLK packing process to
analyze flow records as they are collected by rwflowpack.


Package Version Architecture Repository
analysis-pipeline-5.10-1.el6.i686.rpm 5.10 i686 CERT Forensics Tools
analysis-pipeline-5.10-1.el6.x86_64.rpm 5.10 x86_64 CERT Forensics Tools
analysis-pipeline-5.9-3.el6.i686.rpm 5.9 i686 CERT Forensics Tools
analysis-pipeline-5.9-3.el6.x86_64.rpm 5.9 x86_64 CERT Forensics Tools
analysis-pipeline-5.9-2.el6.i686.rpm 5.9 i686 CERT Forensics Tools
analysis-pipeline-5.9-2.el6.x86_64.rpm 5.9 x86_64 CERT Forensics Tools
analysis-pipeline-5.8-2.el6.i686.rpm 5.8 i686 CERT Forensics Tools
analysis-pipeline-5.8-2.el6.x86_64.rpm 5.8 x86_64 CERT Forensics Tools
analysis-pipeline-5.8-1.el6.i686.rpm 5.8 i686 CERT Forensics Tools
analysis-pipeline-5.8-1.el6.x86_64.rpm 5.8 x86_64 CERT Forensics Tools
analysis-pipeline-5.7-2.el6.i686.rpm 5.7 i686 CERT Forensics Tools
analysis-pipeline-5.7-2.el6.x86_64.rpm 5.7 x86_64 CERT Forensics Tools
analysis-pipeline-5.7-1.el6.i686.rpm 5.7 i686 CERT Forensics Tools
analysis-pipeline-5.7-1.el6.x86_64.rpm 5.7 x86_64 CERT Forensics Tools
analysis-pipeline-5.6-4.el6.i686.rpm 5.6 i686 CERT Forensics Tools
analysis-pipeline-5.6-3.el6.i686.rpm 5.6 i686 CERT Forensics Tools
analysis-pipeline-5.6-2.el6.i686.rpm 5.6 i686 CERT Forensics Tools
analysis-pipeline-5.5-2.el6.i686.rpm 5.5 i686 CERT Forensics Tools
analysis-pipeline-5.5-1.el6.i686.rpm 5.5 i686 CERT Forensics Tools
analysis-pipeline-5.4.1-1.el6.i686.rpm 5.4.1 i686 CERT Forensics Tools
analysis-pipeline-5.4-1.el6.i686.rpm 5.4 i686 CERT Forensics Tools
analysis-pipeline-5.3.2-2.el6.i686.rpm 5.3.2 i686 CERT Forensics Tools
analysis-pipeline-5.3.2-1.el6.i686.rpm 5.3.2 i686 CERT Forensics Tools
analysis-pipeline-5.3.1-3.el6.i686.rpm 5.3.1 i686 CERT Forensics Tools
analysis-pipeline - - -


Name Value
/sbin/chkconfig -
/sbin/ldconfig -
filesystem - - -
libfixbuf >= 1.4.0 - - - - - - - - - -
libschemaTools >= 1.2.0 - - - - -
rtld(GNU_HASH) -
silk-common >= 3.0.0


Name Value
analysis-pipeline = 5.6-1.el6
analysis-pipeline(x86-32) = 5.6-1.el6
config(analysis-pipeline) = 5.6-1.el6


Type URL
Binary Package analysis-pipeline-5.6-1.el6.i686.rpm
Source Package analysis-pipeline-5.6-1.el6.src.rpm

Install Howto

  1. Add EPEL and RPMForge repositories
  2. Download cert-forensics-tools-release-el6 rpm:
  3. Install cert-forensics-tools-release-el6 rpm:
    # rpm -Uvh cert-forensics-tools-release*rpm
  4. Install analysis-pipeline rpm package:
    # yum --enablerepo=forensics install analysis-pipeline




2017-01-07 - Lawrence R. Rogers <> 5.6-1
* Release 5.6-1
All fields can use a SEED file of any type
More than one EXTRA ALERT FIELDs is now allowed.
EXTRA ALERT FIELDs can now be derived fields
Added EXTRA AUX ALERT FIELD to add fields to auxilliary alerts
STATISTICs will send one final update after processing a list of files using --name-files
Other bug fixes
2016-12-02 - Lawrence R. Rogers <> 5.5-2
* Release 5.5-2
Rebuilt with silk-common-3.14.0
2016-10-18 - Lawrence R. Rogers <> 5.5-1
* Release 5.5-1
New PERSISTENCE primitive to detect a FOREACH tuple's presence for a specified number of HOURS or DAYS.
A minimum number of records requirement can be added to primitives, either at the overall EVALUATION level,
or for each value of the FOREACH field. Alerts will not be sent until the minimum number of records is seen.
Other bug fixes.
2016-07-14 - Lawrence R. Rogers <> 5.4.1-1
* Release 5.4.1-1
List configuration can now write files with the contents of the list without sending an alert.
ICMP fields are fixed.
Filtering by comparing two fields works with derived fields.
Other bug fixes.
2016-06-03 - Lawrence R. Rogers <> 5.4-1
* Release 5.4-1
Significant memory and processing efficiency improvements.
Streamlined Statistic processing
Reloading of bag files used as custom thresholds upon update.
2016-04-07 - Lawrence R. Rogers <> 5.3.2-2
* Release 5.3.2-2
Rebuilt with silk-common-3.12.0
2016-02-17 - Lawrence R. Rogers <> 5.3.2-1
* Release 5.3.2-1
Pmaps are IP version agnostic. Pmaps can have both v4 and v6 address that can be used with SIP and SIP_V6.
Small bug fixes with Ubuntu compiling and domain name processing.
Unit test improvements
2016-01-22 - Lawrence R. Rogers <> 5.3.1-3
* Release 5.3.1-3
Changes for 5.3.1
* Changed Snarf alerts when using FOREACH. Rather than a single string containing a comma separated field list and a single
string for the values, each value and field will be in parallel arrays, with values in appropriate format.
* Small bug fixes.
Change for 5.3.0
* Expanded data inputs to include records from YAF (including all deep packet inspection fields), and any flat IPFIX records.
* The handling of multiple data sources at once.
* FAST FLUX primitive to detect fast flux networks from DNS records
* Derived fields, that operate on values from the records, such as the length of a string, the second level domain from a
fully qualified domain name, and pulling the day of the week from a timestamp.
* The ability to have a watchlist using any type of field, paired with the having a LIST CONFIGURATION write the contents
to file regardless of field type.
* A special type of watchlist for DNS that checks each part of a domain name, rather than a generic string match.
* First public release of Analysis Pipeline version 5.
2015-10-20 - Lawrence R. Rogers <> 4.4.1-3
* Release 4.4.1-3
Rebuilt with silk-common-3.11.0
2014-12-20 - Lawrence R. Rogers <> 4.4.1-2
* Release 4.4.1-2
Rebuilt with silk-common-3.10.0.

See Also

Package Description
analyzeMFT-2.0.11-1.el6.i686.rpm analyzeMFT
analyzeMFT-2.0.19-1.el6.i686.rpm analyzeMFT
analyzeMFT- analyzeMFT
artifacts-20150409-1.el6.i686.rpm artifacts - knowledge base of forensic artifacts
artifacts-20161022-1.el6.i686.rpm artifacts - knowledge base of forensic artifacts
ataraw-0.2.1-1.el6.i386.rpm Linux user-level ATA raw command utility
autopsy-2.24-1.el6.noarch.rpm Autopsy Forensic Browser
autopsy-4.10.0-1.el6.i686.rpm Autopsy Forensic Browser
autopsy-4.9.0-1.el6.i686.rpm Autopsy Forensic Browser
autopsy-4.9.1-1.el6.i686.rpm Autopsy Forensic Browser
bencode-1.0-1.el6.noarch.rpm The BitTorrent bencode module as light-weight, standalone package
binplist-0.1.4-2.el6.i686.rpm Binary property list (plist) parser module written in python
binplist-0.1.5-1.el6.i686.rpm Binary property list (plist) parser module written in python
bloom-1.4.6-1.el6.i386.rpm NPS Bloom filter package (includes frag_find)
bloom-1.4.6-2.el6.i686.rpm NPS Bloom filter package (includes frag_find)