WaterSlide is a streaming event-at-a-time architecture for processing metadata. It is designed to take in a set of streaming events from multiple sources, process them through a set of modules ("kids"), and return meaningful outputs.
proc_duplicates - Find and label duplicate tuple members
proc_keyarrival - annotates the arrival sequence of each key
proc_keysort - sorts events about a key from lowest to highest numeric value
proc_keytrans - time transitions in value per key
proc_log_keyvalue_parse - decode log strings that have key=value substrings
proc_onlyafter - pass on events about a key only after detected labels are present
proc_periodic - detect periodic instances per key, assumes DATETIME is available
proc_removenest.c - Creates a new nested tuple, removing specified members
proc_dns.c - decode a binary buffer as a DNS formatted packet
proc_grouppackets.c - merge content buffers on packets with the same session key
proc_pcapin.c - read from pcap source file or interface
proc_tls.c - decode TLS data from a binary buffer.
proc_hmac.c - compute cryptographic hash of specified buffers (sha256, md5, others)
fixed bug in proc_print.c - output hex on binary buffer