Argus and the Argus Clients have quite a bit to offer in this line and they are open source. Check qosient.com for the GitHub information.
Dave

> On Aug 10, 2022, at 7:37 AM, Peter Phaal <peter.ph...@gmail.com> wrote:
>
> Sounds like an interesting project. You might want to take a look at
> sflowtool to get started. The following article shows how to use sflowtool to
> decode sFlow datagrams and includes a simple Python script matching IP
> addresses against a known threat database.
>
> https://blog.sflow.com/2018/12/sflow-to-json.html
>
> On Wed, Aug 10, 2022 at 7:19 AM Drew Weaver <drew.wea...@thenap.com> wrote:
>
> Hello,
>
> I am interested in getting involved with an open source project in my spare
> time.
>
> I thought that it may be useful to contribute to an open source project that
> uses flow data to check for lateral movement inside of networks and also to
> check for known bads in remote connections.
>
> This seems like really low hanging fruit from a defense scenario.
>
> I've tried googling around for something like this and I have come up short.
>
> Is anyone aware of any such projects?
>
> Thanks,
> -Drew
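As an added illustration of the two checks Drew describes (known-bad remote peers and lateral movement), here is a small detector that consumes sflowtool's line-by-line output. This is example code written for this note; it is not from the thread, from sflowtool, from the linked blog post, or from Argus. It assumes the field order sflowtool documents for `sflowtool -l` FLOW records (verify against `sflowtool -h` for your build); the admin-port set, the threat list, the internal ranges, the jump-host allowlist and all sample records are constructed for the example.

```python
#!/usr/bin/env python3
"""Flag known-bad peers and lateral-movement fan-out from sFlow samples.

Added example, not code from sflowtool or Argus. Assumes `sflowtool -l`
FLOW records use this documented comma-separated field order (check your
build):
  FLOW,agent,inputPort,outputPort,srcMAC,dstMAC,ethType,inVlan,outVlan,
  srcIP,dstIP,proto,tos,ttl,srcPort,dstPort,tcpFlags,pktSize,ipSize,samplingRate
Usage: sflowtool -p 6343 -l | python3 flowwatch.py
"""
import ipaddress
import sys
from collections import defaultdict
from dataclasses import dataclass

# Ports where one workstation reaching many peers is suspicious:
# SSH, MS-RPC, NetBIOS, SMB, RDP, WinRM. Assumed policy; tune per site.
ADMIN_PORTS = {22, 135, 139, 445, 3389, 5985, 5986}


@dataclass(frozen=True)
class Flow:
    agent: str
    src_ip: str
    dst_ip: str
    proto: int
    src_port: int
    dst_port: int
    sampling_rate: int


def parse_flow_line(line):
    """Parse one `sflowtool -l` record; CNTR lines and malformed input give None."""
    f = line.strip().split(",")
    if len(f) < 20 or f[0] != "FLOW":
        return None
    try:
        return Flow(agent=f[1], src_ip=f[9], dst_ip=f[10], proto=int(f[11]),
                    src_port=int(f[14]), dst_port=int(f[15]),
                    sampling_rate=int(f[19]))
    except ValueError:
        return None


def is_internal(ip, internal_nets):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in internal_nets)


def detect(lines, threat_ips, internal_nets, admin_hosts=frozenset(), fanout=3):
    """known_bad: either endpoint is in the threat list.
    lateral_fanout: an internal, non-admin host reached >= `fanout` distinct
    internal peers on admin ports. Packet/byte totals from sampled flows are
    estimates (scale by sampling_rate); a distinct-peer count needs only one
    sampled packet per peer, so it survives sampling well."""
    alerts = []
    peers = defaultdict(set)  # internal source -> {(dst_ip, dst_port)}
    for line in lines:
        fl = parse_flow_line(line)
        if fl is None:
            continue
        for ip in (fl.src_ip, fl.dst_ip):
            if ip in threat_ips:
                alerts.append({"type": "known_bad", "agent": fl.agent,
                               "src": fl.src_ip, "dst": fl.dst_ip,
                               "dst_port": fl.dst_port, "ioc": ip})
                break
        if (fl.proto == 6 and fl.dst_port in ADMIN_PORTS
                and fl.src_ip not in admin_hosts
                and is_internal(fl.src_ip, internal_nets)
                and is_internal(fl.dst_ip, internal_nets)):
            peers[fl.src_ip].add((fl.dst_ip, fl.dst_port))
    for src, targets in sorted(peers.items()):
        hosts = sorted({d for d, _ in targets})
        if len(hosts) >= fanout:
            alerts.append({"type": "lateral_fanout", "src": src, "targets": hosts,
                           "ports": sorted({p for _, p in targets})})
    return alerts


# Constructed sample records (not real captures), 20 fields each.
SAMPLE_LINES = [
    "FLOW,10.0.0.254,3,5,000000000001,000000000002,0x0800,10,10,10.1.1.20,10.1.1.30,6,0x00,64,51234,445,0x02,78,60,512",
    "FLOW,10.0.0.254,3,5,000000000001,000000000003,0x0800,10,10,10.1.1.20,10.1.1.31,6,0x00,64,51235,445,0x02,78,60,512",
    "FLOW,10.0.0.254,3,5,000000000001,000000000004,0x0800,10,10,10.1.1.20,10.1.1.32,6,0x00,64,51236,3389,0x02,78,60,512",
    "FLOW,10.0.0.254,3,5,000000000001,000000000005,0x0800,10,10,10.1.1.20,10.1.1.40,6,0x00,64,51237,80,0x02,78,60,512",
    "FLOW,10.0.0.254,4,5,000000000006,000000000002,0x0800,10,10,10.1.1.5,10.1.1.30,6,0x00,64,40001,22,0x02,78,60,512",
    "FLOW,10.0.0.254,4,5,000000000006,000000000003,0x0800,10,10,10.1.1.5,10.1.1.31,6,0x00,64,40002,22,0x02,78,60,512",
    "FLOW,10.0.0.254,4,5,000000000006,000000000004,0x0800,10,10,10.1.1.5,10.1.1.32,6,0x00,64,40003,22,0x02,78,60,512",
    "FLOW,10.0.0.254,3,1,000000000007,00000000000a,0x0800,10,20,10.1.1.21,203.0.113.66,6,0x00,64,52000,443,0x18,1500,1480,512",
    "CNTR,10.0.0.254,3,6,1000000000,1,3,123456,7890,0,0,0,0,0,0,0,0,0,0,0",
    "not a flow record",
]
THREAT_IPS = frozenset({"203.0.113.66"})           # constructed IOC list
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
ADMIN_HOSTS = frozenset({"10.1.1.5"})              # jump host allowed to fan out


def run_sample():
    return detect(SAMPLE_LINES, THREAT_IPS, INTERNAL_NETS, ADMIN_HOSTS)


if __name__ == "__main__":
    source = SAMPLE_LINES if sys.stdin.isatty() else sys.stdin
    for alert in detect(source, THREAT_IPS, INTERNAL_NETS, ADMIN_HOSTS):
        print(alert)
```

On the sample data this raises one known_bad alert (10.1.1.21 talking to the listed IOC on 443) and one lateral_fanout alert for 10.1.1.20, which touched three internal hosts on SMB and RDP; the jump host 10.1.1.5 does the same over SSH but is allowlisted, and the port-80 flow is ignored because it is not an admin port. Fan-out over distinct peers is chosen deliberately: with 1-in-512 packet sampling you cannot count sessions, but any peer that exchanges more than a handful of packets will show up at least once.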