Monday, January 23, 2012

Unified2 Anonymizer v0.9.0b release!

Eric Lauzon is happy to announce the beta release of u2_anon.

u2_anon is a tool that allows you to "share" anonymized unified2 files to help debug issues or share results without compromising the information contained inside. u2_anon will not modify the unified2 file/files used as the source, but will create a copy of the source unified2 file with anonymized data that can be shared.

I strongly suggest that you run u2_anon on files that are not currently being written by snort, since it will not "spool" unified2 file like barnyard2 or other unified2 readers can do.
u2_anon has 4 different levels or anonymity levels:

[-eE:] [Anonymize Event] 
 - Will set source and destination IP's of EVENT to ipv4 - "" , ipv6 "::ffff:" 
 [-lL:] [Anonimize LinkLayer (ethernet)] 
 - Will set source mac to AA:AA:AA:AA:AA:AA and dst mac to BB:BB:BB:BB:BB:BB 
 [-pP:] [Anonymize Packet data] 
 - Will Zero out packet payload 
 [-xX:] [Anonymize Extra DATA event] 
 - Will set IP information to "loopback" and extra data "data" will be zeroed.

u2_anon will work on a single file or a directory containing multiple files.

Note that u2_anon is still beta and new features will be added along the way, if you have comments, suggestions, or bug/issues, please feel free to let me know.

You can download it directly from here