I just posted the first draft of a document describing OpenPacket.org.
openpacket_req_doc_draft_21jul06.pdf
Please take a look and provide comments and suggestions. Those of you who want to help might want to announce yourselves on the openpacket-devel list to facilitate collaboration.
I did not assign any timelines because I am not sure of the level of effort required to make this a reality. At the very least this document is a starting point.
Thank you!
Friday, July 21, 2006
5 comments:
Richard,
The proposal looks great. Something I'd like to see on the roadmap is the capacity to search traces by those matching a tcpdump filter or snort rule -- a format similar to what is set up at TurboSnortRules where the results are emailed if a lot of stuff is queued may be quite helpful.
Also not spec'd in your doc, I should think users should be able to provide analysis of traces (particularly unknowns) as comments, and each bit of analysis can also be moderated; i.e., the trace as an "article", and analysis as "comments".
Unrelated: is approval required for the devel list? I have yet to receive anything...
-Brandon Franklin
Brandon,
Thanks for your comments. I thought I communicated something about analyst comments, but I guess that either wasn't clear or I left that in an old draft. I want that too.
What is your email address? I'm not sure I see one that looks something like your name on the Openpacket-devel Subscribers list.
Just tried signing up again. The username is bfranklin and the domain is kitsolutions.net.
Brandon,
Did you get an email from Sourceforge that you then confirmed? I don't see you listed in either devel or user management lists.
Confirmation email was getting picked up by an overzealous spam filter. All is well now. Thanks!