[SANS ISC] Converting PCAP Web Traffic to Apache Log

I published the following diary on isc.sans.org: “Converting PCAP Web Traffic to Apache Log”:

PCAP data can be really useful when you must investigate an incident, but when the PCAP files to analyze add up to gigabytes, they can quickly become tricky to handle. Often, the first protocol to be analyzed is HTTP because it remains a classic infection or communication vector used by malware. What if you could analyze HTTP connections like an Apache access log? This kind of log can be easily indexed/processed by many tools…

[The post [SANS ISC] Converting PCAP Web Traffic to Apache Log was first published on /dev/random]

Article Link: https://blog.rootshell.be/2018/06/06/sans-isc-converting-pcap-web-traffic-apache-log/