Re: Sflow/netflow/ipfix open source security projects

[Dave <dedelman () iname com>]

Argus and the Argus Clients have quite a bit to offer in this line and they are open source. Check qosient.com  for the 
GitHub information.

Dave

> On Aug 10, 2022, at 7:37 AM, Peter Phaal <peter.phaal () gmail com> wrote:
>
> Sounds like an interesting project. You might want to take a look at sflowtool to get started. The following article 
> shows how to use sflowtool to decode sFlow datagrams and includes a simple Python script matching IP addresses 
> against a known threat database.
>
> https://blog.sflow.com/2018/12/sflow-to-json.html <https://blog.sflow.com/2018/12/sflow-to-json.html>
>
> On Wed, Aug 10, 2022 at 7:19 AM Drew Weaver <drew.weaver () thenap com <mailto:drew.weaver () thenap com>> wrote:
> Hello,
>
>  
>
> I am interested in getting involved with an open source project in my spare time.
>
>  
>
> I thought that it may be useful to contribute to an open source project that uses flow data to check for lateral 
> movement inside of networks and also to check for known bads in remote connections.
>
>  
>
> This seems like really low hanging fruit from a defense scenario.
>
>  
>
> I’ve tried googling around for something like this and I have come up short.
>
>  
>
> Is anyone aware of any such projects?
>
>  
>
> Thanks,
>
> -Drew
>
>