Christian Kreibich
Christian Kreibich
Xavi Anguera has suggested making the list of papers citing a paper queryable via the API. This needs a bit more thinking about the notion of paper identity (cluster ID)...
We regularly encounter the need for a given Zeek version/installation to answer the question "What do the logs look like?". Several folks have built their own takes on this in...
I started seeing these with GCC 11.1.1 (Fedora 34), via Zeek's Broker project: ``` In file included from /home/christian/devel/zeek/zeek/auxil/broker/caf/libcaf_core/caf/make_config_option.hpp:10, from /home/christian/devel/zeek/zeek/auxil/broker/caf/libcaf_core/caf/config_option_set.hpp:16, from /home/christian/devel/zeek/zeek/auxil/broker/caf/libcaf_core/caf/detail/config_consumer.hpp:9, from /home/christian/devel/zeek/zeek/auxil/broker/caf/libcaf_core/src/detail/parse.cpp:7: In constructor ‘caf::config_value::config_value(T&&) [with T...
A few folks have suggested that one could share the ID as an anonymous/pseudonymous substitute for the flow tuple, to avoid revealing the actual flow. (In analogy to sharing a...
DJ Gregor suggested one could simply append the flow's timestamp to the end of the ID when wanting to filter out clashing, unrelated flows. Doing so would allow you to...
The standard rendering of the ID (eg `1:ZEYOYMeyZNQC9DAdgsBZCtiTKqw=`) is not only not very nice to look at, but can break standard string handling in SIEM pipelines and other tools (so...
A given network flow's 5-tuple will differ depending on whether it's perceived internally, externally, before or after a NAT, etc. Can the Community ID accommodate this? The short answer is...
The Community ID could include features beyond the flow tuple, such as the presence of particular file transfers in the flow. This could aid in disambiguation of flows with otherwise...
Running this ... ``` import broker with broker.Endpoint() as ep, ep.make_status_subscriber(True) as ss: st = ss.get(1.0) ``` ... triggers this: ``` Traceback (most recent call last): File "/home/christian/t5/test.py", line 4,...
Please see #12 — this could go in if we could surmount difficulties with the CLA signing. Thanks.