Re: Sflow/netflow/ipfix open source security projects

[Peter Phaal <peter.phaal () gmail com>]

Sounds like an interesting project. You might want to take a look at
sflowtool to get started. The following article shows how to use sflowtool
to decode sFlow datagrams and includes a simple Python script matching IP
addresses against a known threat database.

https://blog.sflow.com/2018/12/sflow-to-json.html

On Wed, Aug 10, 2022 at 7:19 AM Drew Weaver <drew.weaver () thenap com> wrote:

> Hello,
>
>
>
> I am interested in getting involved with an open source project in my
> spare time.
>
>
>
> I thought that it may be useful to contribute to an open source project
> that uses flow data to check for lateral movement inside of networks and
> also to check for known bads in remote connections.
>
>
>
> This seems like really low hanging fruit from a defense scenario.
>
>
>
> I’ve tried googling around for something like this and I have come up
> short.
>
>
>
> Is anyone aware of any such projects?
>
>
>
> Thanks,
>
> -Drew