I want to visualize anomalies in data and need some lead on that.
Anyone having any prior experience in "visualizing anomalies in pcap using ELK stack", kindly let me know.
Have you looked into Packetbeat? It uses pcap to capture the network packet data and then you could get that data into an ML Anomaly Detection chart to see anomalies.
Does Packetbeat work for data already captured using Wireshark?
Ah no, it will capture the data itself.
You could use the tshark command-line utility to import .pcap files to Elasticsearch.
I have checked this and implemented this too, but I wanted to visualize the data based on the lengths of the data frames in a pcap file. So I couldn't use this.
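An added example, not part of any post in this thread: a standard-library Python alternative to the tshark import that reads the record headers of a classic pcap file and emits Elasticsearch bulk NDJSON with one document per frame, carrying the frame length. The index name `pcap-frames`, the field names and the sample capture are assumptions constructed for illustration; pcapng and nanosecond-resolution files are not handled.

```python
import json
import struct
from datetime import datetime, timedelta, timezone

# Magic bytes of classic, microsecond-resolution pcap files -> struct byte order.
PCAP_MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def frame_records(pcap_bytes):
    """Yield (ts_sec, ts_usec, captured_len, original_len) for each packet record."""
    endian = PCAP_MAGIC.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic microsecond pcap file")
    offset = 24  # skip the 24-byte global header
    while offset + 16 <= len(pcap_bytes):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(
            endian + "IIII", pcap_bytes, offset)
        offset += 16 + incl_len  # record header plus captured bytes
        if offset > len(pcap_bytes):
            raise ValueError("truncated packet record")
        yield ts_sec, ts_usec, incl_len, orig_len

def to_bulk(pcap_bytes, index="pcap-frames"):  # index name is hypothetical
    """Return bulk NDJSON: an action line and a document line per frame."""
    lines = []
    for n, (sec, usec, incl, orig) in enumerate(frame_records(pcap_bytes), 1):
        ts = datetime.fromtimestamp(sec, tz=timezone.utc) + timedelta(microseconds=usec)
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps({
            "@timestamp": ts.isoformat(),
            "frame_number": n,
            "frame_len": orig,      # length on the wire
            "captured_len": incl,   # bytes actually stored (limited by snaplen)
        }))
    return "\n".join(lines) + "\n"  # the bulk body must end with a newline

def sample_pcap():
    """Constructed capture: three zero-filled frames, the last cut by snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1514, 1)
    for i, (incl, orig) in enumerate([(60, 60), (1514, 1514), (1514, 9000)]):
        out += struct.pack("<IIII", 1700000000 + i, 0, incl, orig) + bytes(incl)
    return out

if __name__ == "__main__":
    print(to_bulk(sample_pcap()), end="")
```

The output can be sent to the Elasticsearch `_bulk` endpoint with `Content-Type: application/x-ndjson`, after which `frame_len` is a numeric field that can be aggregated or charted.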