Sounds like an interesting project. You might want to take a look at sflowtool to get started. The following article shows how to use sflowtool to decode sFlow datagrams and includes a simple Python script matching IP addresses against a known threat database.
https://blog.sflow.com/2018/12/sflow-to-json.html

On Wed, Aug 10, 2022 at 7:19 AM Drew Weaver <[email protected]> wrote:
> Hello,
>
> I am interested in getting involved with an open source project in my
> spare time.
>
> I thought that it may be useful to contribute to an open source project
> that uses flow data to check for lateral movement inside of networks and
> also to check for known bads in remote connections.
>
> This seems like really low hanging fruit from a defense scenario.
>
> I’ve tried googling around for something like this and I have come up
> short.
>
> Is anyone aware of any such projects?
>
> Thanks,
> -Drew
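The reply above points at a blog post with a Python script that matches sFlow source/destination addresses against a threat list, but the script itself is not on this page. What follows is an added, self-contained example (not the blog's script, and not part of sflowtool) of that idea, extended with the second check Drew asked about: flagging internal-to-internal flows on a small watch list of service ports as lateral-movement candidates. It assumes sflowtool's line-per-datagram JSON output (the `-j` option) and assumes the field names `samples`, `sampleType`, `elements`, `srcIP`, `dstIP` and `dstPort`; the input records, threat list, internal ranges and port watch list are all constructed here for illustration.

```python
import ipaddress
import json

# Constructed sample of sflowtool JSON output, one datagram per line.
# The field names are assumptions about sflowtool's JSON layout; adjust
# them if the version you run emits different keys.
SAMPLE_RECORDS = """\
{"datagramSourceIP":"10.0.0.20","samples":[{"sampleType":"FLOWSAMPLE","elements":[{"srcIP":"10.0.0.162","dstIP":"198.51.100.77","srcPort":51234,"dstPort":443}]}]}
{"datagramSourceIP":"10.0.0.20","samples":[{"sampleType":"FLOWSAMPLE","elements":[{"srcIP":"10.0.0.162","dstIP":"10.0.0.50","srcPort":51235,"dstPort":445}]}]}
{"datagramSourceIP":"10.0.0.20","samples":[{"sampleType":"COUNTERSAMPLE","elements":[{"ifIndex":3}]}]}
{"datagramSourceIP":"10.0.0.20","samples":[{"sampleType":"FLOWSAMPLE","elements":[{"srcIP":"203.0.113.9","dstIP":"10.0.0.80","srcPort":40000,"dstPort":22}]}]}
"""

# Constructed threat list: single hosts and CIDR blocks are both accepted.
THREAT_LIST = ["198.51.100.77", "203.0.113.0/24"]

# Constructed view of "inside the network" (RFC 1918 space here).
INTERNAL_RANGES = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Constructed watch list of ports commonly used for host-to-host administration;
# an internal-to-internal flow on one of these is worth a second look.
LATERAL_PORTS = {22, 445, 3389}


def load_threats(entries):
    """Normalise threat-list entries to ip_network objects (hosts become /32 or /128)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def match_threat(ip, threats):
    """Return the threat-list entry containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for net in threats:
        if addr in net:
            return str(net)
    return None


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_RANGES)


def iter_flows(record):
    """Yield the flow-sample elements that carry an IP pair; skip counter samples."""
    for sample in record.get("samples", []):
        if sample.get("sampleType") != "FLOWSAMPLE":
            continue
        for element in sample.get("elements", []):
            if "srcIP" in element and "dstIP" in element:
                yield element


def classify(line, threats):
    """Return the findings for one sflowtool JSON line."""
    findings = []
    record = json.loads(line)
    for flow in iter_flows(record):
        src, dst = flow["srcIP"], flow["dstIP"]
        # Check both ends of the flow against the threat list.
        for role, ip in (("src", src), ("dst", dst)):
            hit = match_threat(ip, threats)
            if hit is not None:
                findings.append({"kind": "known_bad", "role": role, "ip": ip,
                                 "list_entry": hit, "src": src, "dst": dst})
        # Internal host talking to another internal host on a watched port.
        if is_internal(src) and is_internal(dst) and flow.get("dstPort") in LATERAL_PORTS:
            findings.append({"kind": "lateral_candidate", "src": src, "dst": dst,
                             "dstPort": flow["dstPort"]})
    return findings


def scan(lines, threat_entries):
    """Run classify() over every non-empty line and collect the findings."""
    threats = load_threats(threat_entries)
    results = []
    for line in lines:
        if line.strip():
            results.extend(classify(line, threats))
    return results


if __name__ == "__main__":
    # To run against a live feed instead: `sflowtool -j | python this_script.py`
    # and replace SAMPLE_RECORDS.splitlines() with sys.stdin.
    for finding in scan(SAMPLE_RECORDS.splitlines(), THREAT_LIST):
        print(finding)
```

With the constructed input this reports a known-bad destination for the first record, an internal SMB (445) flow for the second, nothing for the counter sample, and a known-bad source from the /24 block for the fourth. Because sFlow is sampled, a clean run says nothing about flows that were not sampled; the output is a prioritisation aid for a defender, not proof of absence.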

