
Granef: A Comprehensive Toolkit for Network Forensics
Granef is a toolkit designed for network forensics that uses graph-based analysis to examine network traffic data.
Toolkit Overview
The toolkit captures network traffic, processes it, and stores the resulting data in a Dgraph graph database for subsequent analysis through a web interface.
Key components include:
- Docker container modules designed for efficient data processing
- Transformation of Zeek logs (produced from PCAP files) into RDF triples that can be loaded into the graph database
- Support for MISP threat sharing data and detailed NetFlow traffic analysis
- An interactive web interface that facilitates exploratory data analysis
- A database schema specifically structured around the Zeek log format
- Predefined queries and visualizations to aid in network traffic analysis
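To make the Zeek-to-RDF transformation step concrete, the following added example (not Granef's own code; its predicate names, blank-node labels and the sample records are assumptions constructed for illustration) turns JSON-formatted Zeek conn.log lines into Dgraph-style N-Quads, with one node per host and one per connection so that hosts and connections become linked graph vertices:

```python
import json
from typing import Dict, List

# Constructed sample: two Zeek conn.log records in JSON form (not real captures).
SAMPLE_CONN_LOG = """\
{"ts":1609459200.1,"uid":"CAbcd1","id.orig_h":"10.0.0.5","id.orig_p":51000,"id.resp_h":"192.0.2.10","id.resp_p":443,"proto":"tcp","orig_bytes":120,"resp_bytes":4096}
{"ts":1609459201.7,"uid":"CAbcd2","id.orig_h":"10.0.0.5","id.orig_p":51001,"id.resp_h":"192.0.2.10","id.resp_p":80,"proto":"tcp","orig_bytes":300,"resp_bytes":1500}
"""


def node_id(kind: str, key: str) -> str:
    # Blank-node label (assumed naming scheme); Dgraph assigns real UIDs on load.
    return f"_:{kind}_{key.replace('.', '_')}"


def conn_to_nquads(record: Dict) -> List[str]:
    """Map one Zeek conn record to N-Quads: host nodes, a connection node, and edges."""
    conn = node_id("conn", record["uid"])
    orig = node_id("host", record["id.orig_h"])
    resp = node_id("host", record["id.resp_h"])
    return [
        # host vertices (assumed predicate names)
        f'{orig} <host.ip> "{record["id.orig_h"]}" .',
        f'{resp} <host.ip> "{record["id.resp_h"]}" .',
        # connection vertex carrying the Zeek fields
        f'{conn} <dgraph.type> "Connection" .',
        f'{conn} <connection.uid> "{record["uid"]}" .',
        f'{conn} <connection.ts> "{record["ts"]}" .',
        f'{conn} <connection.proto> "{record["proto"]}" .',
        f'{conn} <connection.resp_p> "{record["id.resp_p"]}" .',
        # edges linking hosts to the connection, which is what graph queries traverse
        f'{orig} <host.originated> {conn} .',
        f'{resp} <host.responded> {conn} .',
    ]


def zeek_log_to_nquads(log_text: str) -> List[str]:
    """Convert a whole JSON-lines Zeek log; host triples recur, so emit each triple once."""
    seen = set()
    out: List[str] = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and Zeek header lines
        for quad in conn_to_nquads(json.loads(line)):
            if quad not in seen:
                seen.add(quad)
                out.append(quad)
    return out
```

The output is plain N-Quads text, the format Dgraph's bulk and live loaders accept, so the same host node ends up linked to every connection it took part in.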
Overview of the System Architecture
The system architecture includes several key components:
- Extraction modules for processing input data.
- Transformation modules for converting data.
- A data handling module that utilizes a graph database.
- An API module designed for querying.
- A web interface for conducting analysis and visualization.