Version 4 (modified by cviecco, 10 years ago)

--

Hflow2 Data Analysis System

Hflow2 is a data coalescing tool for honeynet and network analysis. It coalesces data from Snort, p0f and sebekd into a unified, cross-referenced data structure stored in a relational database. A paper with a more detailed description can be found here.

The rationale for building hflow2 was the need for a tool with several features that were not available in other systems. In particular, no existing tool provided Sebek-aware and network-aware offline processing. A comparison of hflow2 with similar systems follows:

Feature                  Hflow2          Hflow + sebekd   sebekd          argus           netflow
Flow type                bidirectional   bidirectional    none            bidirectional   unidirectional
Sebek aware              Yes             Yes              Yes             No              No
p0f aware                Yes             Yes              No              No              No
Content-based marking    Yes             No               No              No              No
Offline                  Yes             No               Yes             Yes             Yes
No runtime dependencies  Yes             No               Yes             Yes             Yes
Fail stop                Yes             No               Yes             Yes             Yes
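As an added illustration (example code written for this page, not hflow2's own code, schema or input formats), the following Python sketches the idea behind the description above and the first rows of the table: unidirectional packet summaries are folded into bidirectional flows, and Snort alerts, p0f OS guesses and Sebek keystroke records are then linked to those flows by 5-tuple or host plus time overlap, all stored in an SQLite database that can be queried across sources. Every input is constructed; the tuple layouts, table names and the one-second matching slack are assumptions. A malformed record aborts the run rather than being skipped, in the fail-stop sense of the table.

```python
"""Coalesce unidirectional packet records into bidirectional flows and cross-reference
Snort alerts, p0f OS guesses and Sebek keystroke records to them in SQLite.
Illustrative example only: not hflow2's code, schema or input formats."""
import sqlite3
from collections import OrderedDict

# --- Constructed sample input (hypothetical layouts, not real tool output) ---
# Packet summaries: (ts, src_ip, src_port, dst_ip, dst_port, proto, bytes)
PACKETS = [
    (100.0, "10.0.0.5", 40001, "192.168.1.10", 22, "tcp", 60),
    (100.1, "192.168.1.10", 22, "10.0.0.5", 40001, "tcp", 60),
    (100.2, "10.0.0.5", 40001, "192.168.1.10", 22, "tcp", 1200),
    (105.0, "10.0.0.7", 53, "192.168.1.10", 5353, "udp", 90),
]
# Snort alerts: (ts, sid, msg, src_ip, src_port, dst_ip, dst_port, proto)
ALERTS = [(100.2, 2001219, "ET SCAN Potential SSH Scan",
           "10.0.0.5", 40001, "192.168.1.10", 22, "tcp")]
# p0f observations: (ts, ip, port, os_guess)
P0F = [(100.0, "10.0.0.5", 40001, "Linux 2.6.x")]
# Sebek records from the honeypot: (ts, honeypot_ip, pid, command)
SEBEK = [(100.3, "192.168.1.10", 4321, "cat /etc/passwd")]

SCHEMA = """
CREATE TABLE flow (id INTEGER PRIMARY KEY, src_ip TEXT, src_port INTEGER, dst_ip TEXT,
    dst_port INTEGER, proto TEXT, start_ts REAL, end_ts REAL,
    pkts_fwd INTEGER, pkts_rev INTEGER, bytes_fwd INTEGER, bytes_rev INTEGER);
CREATE TABLE alert (flow_id INTEGER REFERENCES flow(id), ts REAL, sid INTEGER, msg TEXT);
CREATE TABLE os_fingerprint (flow_id INTEGER REFERENCES flow(id), ip TEXT, os TEXT);
CREATE TABLE sebek (flow_id INTEGER REFERENCES flow(id), ts REAL, host_ip TEXT,
    pid INTEGER, command TEXT);
"""
SLACK = 1.0  # assumed tolerance (seconds) when matching an event to a flow's lifetime


def flow_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Canonical key: both directions of one conversation map to the same tuple."""
    a, b = (src_ip, src_port), (dst_ip, dst_port)
    return (proto,) + (a + b if a <= b else b + a)


def coalesce(packets):
    """Fold unidirectional packet records into bidirectional flows.
    The first packet seen defines the forward (initiator) direction.
    Fail-stop: a malformed record raises instead of being silently skipped."""
    flows = OrderedDict()
    for rec in packets:
        if len(rec) != 7:
            raise ValueError("malformed packet record: %r" % (rec,))
        ts, sip, sp, dip, dp, proto, nbytes = rec
        key = flow_key(sip, sp, dip, dp, proto)
        f = flows.get(key)
        if f is None:
            f = flows[key] = {
                "src_ip": sip, "src_port": sp, "dst_ip": dip, "dst_port": dp,
                "proto": proto, "start": ts, "end": ts,
                "pkts_fwd": 0, "pkts_rev": 0, "bytes_fwd": 0, "bytes_rev": 0}
        fwd = (sip, sp) == (f["src_ip"], f["src_port"])
        f["pkts_fwd" if fwd else "pkts_rev"] += 1
        f["bytes_fwd" if fwd else "bytes_rev"] += nbytes
        f["end"] = max(f["end"], ts)
    return list(flows.values())


def find_flow(db, ip_a, port_a, ip_b, port_b, proto, ts):
    """Flow carrying the 5-tuple in either direction and alive around ts (None if absent)."""
    row = db.execute(
        "SELECT id FROM flow WHERE proto=? AND start_ts-?<=? AND ?<=end_ts+? AND "
        "((src_ip=? AND src_port=? AND dst_ip=? AND dst_port=?) OR "
        " (src_ip=? AND src_port=? AND dst_ip=? AND dst_port=?))",
        (proto, SLACK, ts, ts, SLACK, ip_a, port_a, ip_b, port_b, ip_b, port_b, ip_a, port_a),
    ).fetchone()
    return row[0] if row else None


def find_flow_for_host(db, ip, ts, port=None):
    """Most recently started flow with ip (and port, if given) as either endpoint, alive around ts."""
    row = db.execute(
        "SELECT id FROM flow WHERE start_ts-?<=? AND ?<=end_ts+? AND "
        "((src_ip=? AND (? IS NULL OR src_port=?)) OR (dst_ip=? AND (? IS NULL OR dst_port=?))) "
        "ORDER BY start_ts DESC LIMIT 1",
        (SLACK, ts, ts, SLACK, ip, port, port, ip, port, port),
    ).fetchone()
    return row[0] if row else None


def build_db(packets=PACKETS, alerts=ALERTS, p0f=P0F, sebek=SEBEK):
    """Load flows, then attach each external record to the flow it belongs to."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for f in coalesce(packets):
        db.execute(
            "INSERT INTO flow (src_ip, src_port, dst_ip, dst_port, proto, start_ts, end_ts, "
            "pkts_fwd, pkts_rev, bytes_fwd, bytes_rev) VALUES (?,?,?,?,?,?,?,?,?,?,?)",
            (f["src_ip"], f["src_port"], f["dst_ip"], f["dst_port"], f["proto"], f["start"],
             f["end"], f["pkts_fwd"], f["pkts_rev"], f["bytes_fwd"], f["bytes_rev"]))
    for ts, sid, msg, sip, sp, dip, dp, proto in alerts:  # alert -> flow by 5-tuple + time
        db.execute("INSERT INTO alert VALUES (?,?,?,?)",
                   (find_flow(db, sip, sp, dip, dp, proto, ts), ts, sid, msg))
    for ts, ip, port, os_guess in p0f:  # OS guess -> flow by the fingerprinted endpoint
        db.execute("INSERT INTO os_fingerprint VALUES (?,?,?)",
                   (find_flow_for_host(db, ip, ts, port), ip, os_guess))
    for ts, host, pid, cmd in sebek:  # keystrokes -> flow to the honeypot active at that time
        db.execute("INSERT INTO sebek VALUES (?,?,?,?,?)",
                   (find_flow_for_host(db, host, ts), ts, host, pid, cmd))
    db.commit()
    return db


def cross_reference(db):
    """One row per flow: endpoints, Snort verdict, p0f OS guess and what was typed."""
    return db.execute(
        "SELECT f.src_ip, f.dst_ip, f.dst_port, a.msg, o.os, s.command FROM flow f "
        "LEFT JOIN alert a ON a.flow_id=f.id LEFT JOIN os_fingerprint o ON o.flow_id=f.id "
        "LEFT JOIN sebek s ON s.flow_id=f.id ORDER BY f.start_ts").fetchall()


if __name__ == "__main__":
    for row in cross_reference(build_db()):
        print(row)
```

Running it prints one joined row per flow: the SSH conversation carries the Snort alert, the p0f guess for the attacker's host and the command typed on the honeypot, while the unrelated UDP flow carries nothing. A real deployment would read pcap or flow records, Snort alert output, p0f logs and sebekd output instead of the embedded tuples, and would need an unlinked-event policy for alerts that match no captured flow (here they are stored with a NULL flow_id).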