Sflow/netflow/ipfix open source security projects

Peter Phaal peter.phaal at gmail.com
Wed Aug 10 14:37:25 UTC 2022


Sounds like an interesting project. You might want to take a look at
sflowtool to get started. The following article shows how to use sflowtool
to decode sFlow datagrams and includes a simple Python script matching IP
addresses against a known threat database.

https://blog.sflow.com/2018/12/sflow-to-json.html

On Wed, Aug 10, 2022 at 7:19 AM Drew Weaver <drew.weaver at thenap.com> wrote:

> Hello,
>
> I am interested in getting involved with an open source project in my
> spare time.
>
> I thought that it may be useful to contribute to an open source project
> that uses flow data to check for lateral movement inside of networks and
> also to check for known bads in remote connections.
>
> This seems like really low hanging fruit from a defense scenario.
>
> I've tried googling around for something like this and I have come up
> short.
>
> Is anyone aware of any such projects?
>
> Thanks,
>
> -Drew
>
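The pipeline Peter points at (sflowtool decoding sFlow datagrams to JSON, a script matching the IP addresses in each flow sample against a threat list) can be sketched as follows. This is an added example, not code from the linked blog post, from sflowtool, or from either poster. It assumes sflowtool's newline-delimited JSON shape (a `samples` list of `FLOWSAMPLE`/`COUNTERSSAMPLE` records, each with `elements` carrying `srcIP`, `dstIP`, `IPProtocol`, `TCPDstPort`/`UDPDstPort`); those field names are assumptions to check against the output of the sflowtool build you run. The threat list, internal address ranges and sample datagrams are constructed. It also covers Drew's lateral-movement case by flagging internal-to-internal TCP connections to administrative ports.

```python
import ipaddress
import json
import sys
from typing import Iterable, Iterator, List, Optional, Tuple

# Constructed threat list (TEST-NET-3 plus one host), standing in for a real
# feed. Networks rather than bare addresses so a feed of CIDRs works too.
THREAT_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.77/32")]
# Constructed internal address space used for the lateral-movement check.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
# Destination ports on which east-west TCP connections deserve a look.
LATERAL_PORTS = {22, 135, 445, 3389, 5985, 5986}

# Constructed datagrams shaped like sflowtool's one-line-per-datagram JSON.
# Field names are assumptions about sflowtool output, not taken from the page.
SAMPLE_JSON_LINES = [
    json.dumps({"datagramSourceIP": "10.0.0.254", "samples": [
        {"sampleType": "FLOWSAMPLE", "elements": [
            {"tag": "0:1", "srcIP": "10.1.2.3", "dstIP": "203.0.113.9",
             "IPProtocol": 6, "TCPSrcPort": 51234, "TCPDstPort": 443}]},
        {"sampleType": "COUNTERSSAMPLE", "elements": [{"tag": "0:1", "ifIndex": 5}]},
    ]}),
    json.dumps({"datagramSourceIP": "10.0.0.254", "samples": [
        {"sampleType": "FLOWSAMPLE", "elements": [
            {"tag": "0:1", "srcIP": "10.1.2.3", "dstIP": "10.1.5.20",
             "IPProtocol": 6, "TCPSrcPort": 40000, "TCPDstPort": 445}]},
        {"sampleType": "FLOWSAMPLE", "elements": [
            {"tag": "0:1", "srcIP": "10.1.2.3", "dstIP": "10.1.5.21",
             "IPProtocol": 17, "UDPSrcPort": 5000, "UDPDstPort": 53}]},
    ]}),
]

Flow = Tuple[str, str, int, Optional[int]]  # (src, dst, ip protocol, dst port)


def extract_flows(lines: Iterable[str]) -> Iterator[Flow]:
    """Yield (src, dst, proto, dport) for every flow sample in the JSON lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            datagram = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip a truncated or garbled line instead of aborting
        for sample in datagram.get("samples", []):
            if sample.get("sampleType") != "FLOWSAMPLE":
                continue  # counter samples carry no addresses
            for elem in sample.get("elements", []):
                src, dst = elem.get("srcIP"), elem.get("dstIP")
                if not src or not dst:
                    continue  # non-IP frame or an extended-data element
                proto = int(elem.get("IPProtocol", 0))
                dport = elem.get("TCPDstPort", elem.get("UDPDstPort"))
                yield src, dst, proto, (int(dport) if dport is not None else None)


def in_any(addr: str, nets) -> bool:
    """True if addr parses as an IP and falls inside one of nets."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in n for n in nets)


def classify(flow: Flow) -> List[str]:
    """Return the reasons (possibly none) a flow is worth alerting on."""
    src, dst, proto, dport = flow
    findings = []
    for label, addr in (("src", src), ("dst", dst)):
        if in_any(addr, THREAT_NETS):
            findings.append(f"known-bad {label} {addr}")
    # Lateral movement heuristic: internal host to internal host on an admin port.
    if (in_any(src, INTERNAL_NETS) and in_any(dst, INTERNAL_NETS)
            and proto == 6 and dport in LATERAL_PORTS):
        findings.append(f"internal->internal tcp/{dport} {src} -> {dst}")
    return findings


def analyze(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (src, dst, finding) for every flagged flow, in input order."""
    return [(f[0], f[1], why) for f in extract_flows(lines) for why in classify(f)]


if __name__ == "__main__":
    # Pipe live data in, or run with no stdin to see the constructed sample.
    source = SAMPLE_JSON_LINES if sys.stdin.isatty() else sys.stdin
    for src, dst, why in analyze(source):
        print(f"ALERT {src} -> {dst}: {why}")
```

Usage: `sflowtool -p 6343 -j | python3 flowcheck.py` (the script name and the `-j` JSON flag are assumptions; confirm the flag with `sflowtool -h`). Two design points: the threat list is held as networks so a CIDR feed drops in unchanged, and unparsable lines or elements without addresses are skipped rather than raising, since a long-running collector must survive a partial line.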