A Scalable Platform for Network Forensics

Features

Interactive. VAST is designed to answer complex queries with sub-second latency, so incident responders and threat hunters can complete their investigations quickly and stay productive.

Scalable. VAST harnesses all available CPU cores on a single machine and transparently scales out to a cluster of commodity machines. To this end, VAST builds on the C++ Actor Framework as its high-performance message-passing runtime.

Expressive. VAST describes activity with a richly typed data model so that critical semantics are not lost during ingestion. Its type-safe query language enables flexible query operations (e.g., top-k IP prefix search, set membership) and allows type-specific performance optimizations.


Resources

Download

Unfortunately we don't have an official release yet, but we are working hard to provide an alpha version soon. Stay tuned!

Documentation

Since VAST is still in a fledgling stage, we do not have technical documentation available at this point. Meanwhile, our conference paper offers a good introduction, and the corresponding dissertation provides comprehensive coverage of the design and implementation.

Community

While we are developing VAST, we want to stay in touch with you and keep an active exchange going. After all, you will be using it, and we are working hard to deliver a solution that works for you. These are the various channels to reach us:

Chat. We actively engage. If you have direct questions for the developers of VAST, join our Gitter chat.

GitHub. We share our work. VAST ships with a permissive 3-clause BSD license. If you have trouble with the code, please do not hesitate to file an issue at our tracker.

Twitter. We spread the word. You can follow @vast_io where we will periodically post noteworthy tidbits about VAST.

Mailing Lists. We communicate. To reach the community, send an email to our mailing list. Our commit diffs go to a separate mailing list. If you can't find an answer anywhere, you can always send an email to info@vast.io.


About

History

VAST addresses a deep-running operational need of large-scale network monitoring and incident response: archiving massive amounts of structured data and searching it interactively and expressively.

In 2008, researchers at the International Computer Science Institute (ICSI) formulated Principles for Developing Comprehensive Network Visibility, which led to the inception of VAST as an academic feasibility study. After these concepts were explored extensively in a master's thesis and a Ph.D. dissertation, VAST bridged the gap from theory into practice. Today, Matthias Vallentin leads the development of VAST in his post-doctoral appointment at UC Berkeley.

Funding

The Signatures Innovation Fellows Program supports the post-doctoral position that enables VAST to move forward. The program funds innovative research by UC Berkeley faculty that holds commercial promise. We are grateful for their support.