Exploring VAST: Advanced Network Telemetry Visualization for High Traffic Data Processing and Security Auditing

About VAST

VAST is a network telemetry engine that provides visibility across space and time, built for data-driven security auditing.

Core Features

High Traffic Data Processing: Ingests over 100,000 events per second from various log formats, including Zeek, Suricata, JSON, and CSV.

Low Latency Queries: Multi-level bitmap indexing and actor-model concurrency give sub-second response times over the whole data pool, so the entire dataset can be queried interactively.

Flexible Export Formats: Access data in common text formats (ASCII, JSON, CSV) and binary formats (MRT, PCAP).

Robust Data Model and Query Language: A universal semi-structured data model expresses complex data in a typed manner and supports domain-specific operations such as top-k prefix search for IP addresses and subset relationships.

Tool Acquisition

Linux users can download the latest static build directly from [https://storage.googleapis.com/tenzir-public-data/vast-static-builds/vast-static-latest.tar.gz] or fetch it with cURL:

curl -L -O https://storage.googleapis.com/tenzir-public-data/vast-static-builds/vast-static-latest.tar.gz

Next, extract the archive. It contains three directories: bin, etc, and share. The binary in the bin directory can then be run directly:

tar xfz vast-static-latest.tar.gz
bin/vast --help

If you want to install VAST on your local machine, you can extract the package straight into the /usr/local/ folder.

FreeBSD and macOS users need to build from source. Clone the project repository locally with the following command:

git clone --recursive https://github.com/tenzir/vast

After all dependencies are installed, build, test, install, and run the integration tests with the following commands:

./configure
cmake --build build
cmake --build build --target test
cmake --build build --target install
cmake --build build --target integration

Tool Usage

Start a VAST node:

vast start

Import Zeek logs:

zcat *.log.gz | vast import zeek

Execute a query over data from the past hour and output the results as JSON:

vast export json ':timestamp > 1 hour ago && (6.6.6.6 || 5353/udp)'

Import a PCAP file:

vast import pcap -c 1024 < trace.pcap

Execute a query on PCAP data, collate the packets by time, and pipe them into tcpdump:

vast export pcap "sport > 60000/tcp && src !in 10.0.0.0/8" \
  | ipsumdump --collate -w - \
  | tcpdump -r - -nl
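To make the two query expressions above concrete, here is an added Python illustration (not VAST's code and not from the original post) that evaluates their stated meaning over a handful of constructed Zeek-style connection events. It follows the documented semantics: ':timestamp' is a type extractor over every timestamp field, a bare value such as '6.6.6.6' or '5353/udp' matches any field of that type, and '!in' with a subnet tests address membership. The event fields, the fixed clock NOW, and the rule that '60000/tcp' compares only against TCP ports are assumptions of this example.

```python
"""Illustrative evaluation of the two VAST queries shown above.

Added example, not VAST's implementation: it models the documented query
semantics over constructed events so the meaning of each predicate is visible.
"""
import ipaddress
from datetime import datetime, timedelta, timezone

# Fixed "now" so that "1 hour ago" is deterministic (assumption of this example).
NOW = datetime(2020, 6, 1, 12, 0, tzinfo=timezone.utc)

# Constructed Zeek-style conn events (not real traffic); ports are (number, protocol) pairs.
EVENTS = [
    {"uid": "c1", "ts": NOW - timedelta(minutes=10), "src": "10.0.0.5",
     "sport": (51234, "tcp"), "dst": "6.6.6.6", "dport": (443, "tcp")},
    {"uid": "c2", "ts": NOW - timedelta(minutes=30), "src": "192.168.1.7",
     "sport": (60100, "udp"), "dst": "224.0.0.251", "dport": (5353, "udp")},
    {"uid": "c3", "ts": NOW - timedelta(hours=3), "src": "10.1.2.3",
     "sport": (40000, "tcp"), "dst": "6.6.6.6", "dport": (80, "tcp")},
    {"uid": "c4", "ts": NOW - timedelta(minutes=5), "src": "172.16.0.9",
     "sport": (60500, "tcp"), "dst": "8.8.8.8", "dport": (53, "tcp")},
    {"uid": "c5", "ts": NOW - timedelta(minutes=5), "src": "10.9.9.9",
     "sport": (60500, "tcp"), "dst": "1.1.1.1", "dport": (53, "tcp")},
]


def address_values(event):
    """Every address-typed value in the event: what a bare IP literal is matched against."""
    return [ipaddress.ip_address(event[k]) for k in ("src", "dst")]


def port_values(event):
    """Every port-typed value in the event: what a bare port literal is matched against."""
    return [event[k] for k in ("sport", "dport")]


def recent_and_interesting(events, now=NOW):
    """':timestamp > 1 hour ago && (6.6.6.6 || 5353/udp)'"""
    cutoff = now - timedelta(hours=1)
    target_addr = ipaddress.ip_address("6.6.6.6")
    target_port = (5353, "udp")
    return [e for e in events
            if e["ts"] > cutoff                        # :timestamp > 1 hour ago
            and (target_addr in address_values(e)      # 6.6.6.6 in any address field
                 or target_port in port_values(e))]    # 5353/udp in any port field


def high_sport_external(events):
    """'sport > 60000/tcp && src !in 10.0.0.0/8'"""
    internal = ipaddress.ip_network("10.0.0.0/8")
    return [e for e in events
            # sport > 60000/tcp: compared only against TCP ports (assumption of this example)
            if e["sport"][1] == "tcp" and e["sport"][0] > 60000
            # src !in 10.0.0.0/8: subnet membership test on the source address
            and ipaddress.ip_address(e["src"]) not in internal]


def matching_uids(query_fn, events=EVENTS):
    """Run one of the query functions and return the uids of the matching events."""
    return [e["uid"] for e in query_fn(events)]


if __name__ == "__main__":
    print("last hour, 6.6.6.6 or 5353/udp:", matching_uids(recent_and_interesting))
    print("sport > 60000/tcp, external src:", matching_uids(high_sport_external))
```

The value-only predicates are the part worth noticing: '6.6.6.6' is not tied to a field name, so an event matches whether the address appears as source or destination, and '5353/udp' likewise matches a port in either position. In the real engine the set of address- and port-typed fields comes from the imported schema; here it is hard-coded to src, dst, sport, and dport.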

Project Address

VAST: https://github.com/tenzir/vast
