Project

nwsdk

0.0
No commit activity in last 3 years
No release in over 3 years
nwsdkryanbreed/nwsdkHomepageDocumentationSource CodeBug TrackerWiki
allows users to run queries, extracts, and generate cef alerts
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
7,113
Stars
4
Forks
1
Watchers
3
 Releases
Current version
1.2.0
Total releases
3
First release
2015-09-03
Latest release
2016-01-29
 Development
Primary Language
Ruby
Licenses
GPLv3
Average date of last 50 commits
2015-10-17
Reverse Dependencies
0

 Dependencies

Development

bundler
>= 0
guard
>= 0
guard-rspec
>= 0
pry
>= 0
rake
>= 0
rspec
>= 0
simplecov
>= 0

Runtime

cef
= 2.1.1pre
chronic
>= 0
rest-client
>= 0
thor
>= 0
 Project Readme

Nwsdk

Simplified wrapper + cli for NetWitness REST endpoints

Build Status

Installation

Add this line to your application's Gemfile:

gem 'nwsdk'

And then execute:

$ bundle

Or install it yourself as:

$ gem install nwsdk

Usage

Module documentation is non-existent. Best bet is to look at the specs and/or the cli driver invocations.

To get up and running, invoke 'nw config' and edit ~/.nwsdk.json

The cli is mainly used from the nw command:

Commands:
  nw cef CONDITIONS --loghost=LOGHOST            # send cef alerts for query conditions
  nw configure [$HOME/.nwsdk.json]               # write out a template configuration file
  nw content CONDITIONS                          # extract files for given query conditions
  nw help [COMMAND]                              # Describe available commands or one specific command
  nw pcap CONDITIONS                             # extract PCAP for given query conditions
  nw query CONDITIONS                            # execute SDK query
  nw timeline CONDITIONS                         # get a time-indexed histogram for conditions
  nw values CONDITIONS                           # get value report for specific meta key

Options:
  [--config=CONFIG]  # JSON file with endpoint info & credentials
                     # Default: $HOME/.nwsdk.json
  [--host=HOST]      # hostname for broker or concentrator
  [--port=N]         # REST port for broker/concentrator
                     # Default: 50103
  [--span=N]         # max timespan in seconds
                     # Default: 3600
  [--limit=N]        # max number of sessions
                     # Default: 10000
  [--start=START]    # start time for query
                     # Default: $now-1h
  [--end=END]        # end time for query
                     # Default: $now-ish

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/ryanbreed/nwsdk.

Any fixtures/mocks/etc for the actual REST traffic would be highly welcome additions.

License

GPLv3 (see LICENSE)