NetFSE

From ForensicsWiki
Revision as of 11:59, 4 August 2010 by BenUphoff (Talk | contribs)


Net/FSE: Network Forensic Search Engine

Net/FSE is a server application for network operations. The system consists of data capture, indexing and search services optimized for processing high-volume IP-based network log data. Log data from firewalls, intrusion detection systems, routers and other network devices is streamed to Net/FSE in near real time, providing network professionals on enterprise networks with fast drill-down and analysis of billions of log records.

A web interface built on top of Tomcat and GWT is integrated into the codebase. The UI is designed to be an easy-to-use workflow tool for network operations including security, compliance, troubleshooting and management. Socket-based APIs and HTTP-based XML APIs make integrating search of network log data fast and easy.

The system is also moving towards a plugin architecture which will allow users to build custom data processing engines to meet individual needs. The core system handles capture and storage, as well as search/query functionality, allowing plugins to easily leverage the system's capabilities with minimal coding.

Project Status

In June 2009, version 0.2 of the open-source Net/FSE was released at NetFSE.org. The 0.3 release is in the works and will be available in August 2010. NetFSE.org is the user community and information center for Net/FSE users.