Hello, here I am, trying to find a nice solution for netflow analysis.
After reading elastiflow at
https://github.com/robcowart/elastiflow
And testing my recently working filebeat netflow module, I cannot find more than cosmetic differences.
What I'm looking for in the tool is:
1 List top destination and source flow.
2 Find strange behaviour on overall traffic (this can help me debug attacks).
3 Create my own traffic graphs based on a particular IP.
I think points 1 and 2 are very nice here in the filebeat module.
Point 3 is not very clear to me; I need to investigate a little bit more (I'm used to working with nfsen, where you can create your own profiles ... this should be the same here somehow).
OK ... any feelings users would like to share would be welcome.
Leandro.