Network Situational Awareness Tools

We have developed and maintain a suite of open source tools for monitoring large-scale networks using flow data. These tools have grown out of our work on the AirCERT project, the SiLK project, and the effort to integrate this work into a unified, standards-compliant flow collection and analysis platform. Download the following open source tools from our tools repository. Contact us if you have questions or need more information about our tools.

  • Analysis Pipeline processes SiLK Flow records to automate common tasks, get closer to "real-time" reporting of events, and feed data to a SIEM.
  • fixbuf provides an implementation of the IPFIX Protocol as a C library, for building IPFIX Collecting and Exporting Processes.
  • IPA is an IP address annotation system.
  • iSiLK is a graphical front-end for the SiLK tools, designed to work with an existing installation of the SiLK analysis suite.
  • netsa-python library is a grab-bag of Python routines and frameworks that we have found helpful when developing analyses using the SiLK toolkit.
  • Orcus is a system for analyzing passively-collected DNS information.
  • Rayon is a Python library and set of tools for generating basic two-dimensional statistical visualizations.
  • SiLK facilitates security analysis of large networks.
  • SiLK IPset contains a library and a set of command line tools to build and manipulate IPset files.
  • snarf is a distributed alert reporting system.
  • super_mediator is an IPFIX mediator for use with the YAF and SiLK tools.
  • YAF processes packet data into bidirectional flow records that can be used as input into an IPFIX Collecting Process.

Contact Us

Let us know if you have questions about our tools or would like additional information.


Full Suite of Tools

The SEI offers a wide range of tools and methods that are applied daily in organizations throughout the world.