Filebeat netflow vs elastiflow

Hello, here I am, trying to find a nice solution for netflow analysis.
After reading about ElastiFlow at
https://github.com/robcowart/elastiflow
and testing my recently working Filebeat netflow module, I can not find more than cosmetic differences.
What I'm looking for in the tool is:
1. List top destination and source flows.
2. Find strange behaviour in overall traffic (this can help me debug attacks).
3. Create my own traffic graphs based on a particular IP.

I think points 1 and 2 are very nice here in the Filebeat module.
Point 3 is not very clear to me, I need to investigate a little bit more (I'm used to working with nfsen, where you can create your own profiles... this should be the same here somehow).

Ok... any feelings users would like to share would be welcome.
Leandro.
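The three points above, as an added example that is not code from the original post, from Filebeat or from ElastiFlow: plain Python run over a handful of constructed documents in the nested ECS shape the Filebeat netflow module emits (source.ip, destination.ip, destination.port, network.bytes, @timestamp). In Kibana you would express the same things as a terms aggregation on source.ip with a sum of network.bytes (point 1) and a date_histogram filtered to one IP (point 3); the offline version below just makes the logic explicit. The sample flows, the 60 s bucket, the z-score cut-off and the port fan-out threshold are all assumptions chosen for the illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev

# Fixed start time for the constructed sample (assumption).
T0 = datetime(2020, 5, 4, 12, 0, tzinfo=timezone.utc)


def flow(t_offset_s, src, dst, dport, nbytes, proto="tcp"):
    """Build one document in the nested ECS shape Filebeat's netflow module emits."""
    ts = (T0 + timedelta(seconds=t_offset_s)).isoformat()
    return {
        "@timestamp": ts,
        "source": {"ip": src},
        "destination": {"ip": dst, "port": dport},
        "network": {"transport": proto, "bytes": nbytes},
    }


# Constructed sample traffic (not real captures):
SAMPLE_FLOWS = (
    # steady HTTPS from a workstation, two 1500-byte flows per minute for 10 minutes
    [flow(i * 30, "10.0.0.5", "203.0.113.10", 443, 1500) for i in range(20)]
    # a bulk SMB transfer from the same workstation that spikes minute 3
    + [flow(180 + i, "10.0.0.5", "10.0.0.20", 445, 900_000) for i in range(3)]
    # a host touching 15 ports on one target with tiny flows (scan-like)
    + [flow(60 + p, "192.0.2.44", "10.0.0.10", p, 60) for p in range(1, 16)]
)


def get(doc, path):
    """Resolve a dotted ECS field name such as "source.ip" inside a nested document."""
    for part in path.split("."):
        doc = doc[part]
    return doc


def top_talkers(flows, field="source.ip", n=5):
    """Point 1: bytes summed per value of `field`, largest first."""
    totals = Counter()
    for f in flows:
        totals[get(f, field)] += get(f, "network.bytes")
    return totals.most_common(n)


def traffic_series(flows, ip, bucket_s=60):
    """Point 3: bytes per time bucket (epoch seconds) for flows where `ip` is source or destination."""
    series = defaultdict(int)
    for f in flows:
        if ip in (get(f, "source.ip"), get(f, "destination.ip")):
            ts = datetime.fromisoformat(get(f, "@timestamp"))
            bucket = int(ts.timestamp()) // bucket_s * bucket_s
            series[bucket] += get(f, "network.bytes")
    return dict(sorted(series.items()))


def volume_outliers(series, z=2.0):
    """Point 2a: buckets whose byte count sits more than `z` standard deviations above the mean."""
    values = list(series.values())
    if len(values) < 2:
        return []
    mu, sigma = mean(values), pstdev(values)
    if sigma == 0:
        return []
    return [bucket for bucket, v in series.items() if (v - mu) / sigma > z]


def port_fanout(flows, min_ports=10):
    """Point 2b: sources that touch at least `min_ports` distinct (destination, port) pairs."""
    targets = defaultdict(set)
    for f in flows:
        targets[get(f, "source.ip")].add((get(f, "destination.ip"), get(f, "destination.port")))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_ports}


if __name__ == "__main__":
    print("top sources:     ", top_talkers(SAMPLE_FLOWS, "source.ip"))
    print("top destinations:", top_talkers(SAMPLE_FLOWS, "destination.ip"))
    series = traffic_series(SAMPLE_FLOWS, "10.0.0.5")
    for bucket, nbytes in series.items():
        print(datetime.fromtimestamp(bucket, timezone.utc).strftime("%H:%M"), nbytes)
    print("volume outliers: ", volume_outliers(series))
    print("port fan-out:    ", port_fanout(SAMPLE_FLOWS))
```

The per-IP series is what an nfsen-style profile gives you: filter on one address, bucket by time, and graph the result; the outlier and fan-out checks are the simplest versions of the "strange behaviour" point and are meant as a starting point for tuning thresholds against your own traffic, not as a finished detection.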

Have you looked at the Elastic Security App? There is all sorts of network analysis... and there are some built-in detection rules as well as anomaly detection.

https://www.elastic.co/guide/en/kibana/current/xpack-siem.html

Edit: oh, and you can define your own detections as well.

