A coworker told me about this project today, and I thought I would share since it looks promising.

Packetpig is an open source project hosted on GitHub by @packetloop that contains Hadoop InputFormats, Pig Loaders, Pig scripts and R scripts for processing and analyzing pcap data. It also has classes that let you stream packets from Hadoop to local Snort and p0f processes, so you can parallelize this type of packet processing.

Check it out:

