Hello everyone,
I would like to ask everyone using nfsen and Peter (Haag) about nfsen
automation features.
I know that nfsen includes features for alerts but I was wondering
whether there have been implementations that integrate nfsen with Splunk
or Elastic / ELK Stack and/or guidelines to follow with such
implementation.
IMHO, integrating nfsen (or probably nfdump only?) with the above (i.e.
Splunk or Elastic / ELK Stack) could produce significant benefits in
automation and monitoring of a whole network, and might be configurable
to detect DoS/DDoS, port scans, brute-force attacks, etc., and produce
alerts for direct response.
By the way, there is an nfsen plugin from 2014 for detecting DDoS
attacks (https://github.com/CERT-GOV-GE/gabriel). Has anyone used it?
Are there other plugins that provide similar functionality? What is your
experience with them?
Cheers,
Nick
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
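As an added illustration of the integration the post asks about (this is example code, not code from nfsen, nfdump, the Gabriel plugin, or Splunk/Elastic), the script below reads the CSV that `nfdump -o csv` prints, aggregates flows per source and per destination, applies three simple rules (port scan, brute force against login ports, many-source flood), and emits one JSON object per alert, which is the line shape Filebeat or a Splunk file/HEC input ingests. Assumptions: the nfdump CSV column names used (ts, sa, da, dp, pr, ipkt, ibyt) follow nfdump's documented `-o csv` layout; the thresholds are arbitrary and must be tuned per network; the sample data is constructed inline so the script runs offline; the file name flow_alerts.py is hypothetical.

```python
import csv
import io
import json
import sys
from collections import defaultdict

# Header names follow the documented `nfdump -o csv` layout (assumed here);
# the parser keys on names, so extra or reordered columns do not matter.
SAMPLE_HEADER = "ts,te,td,sa,da,sp,dp,pr,flg,fwd,stos,ipkt,ibyt,opkt,obyt,in,out"


def build_sample():
    """Constructed nfdump-style CSV: a port sweep, an SSH brute force, a UDP
    flood from many sources, benign HTTPS, plus the Summary block nfdump appends."""
    rows = [SAMPLE_HEADER]

    def flow(sa, da, sp, dp, pr, ipkt, ibyt):
        rows.append(f"2014-01-15 10:00:00.000,2014-01-15 10:00:00.050,0.050,"
                    f"{sa},{da},{sp},{dp},{pr},......,0,0,{ipkt},{ibyt},0,0,0,0")

    for port in range(1, 41):                        # 10.0.0.5 sweeps 40 ports, 1 packet each
        flow("10.0.0.5", "192.0.2.10", 40000 + port, port, 6, 1, 60)
    for i in range(30):                              # 10.0.0.9 hammers SSH on one host
        flow("10.0.0.9", "192.0.2.20", 50000 + i, 22, 6, 5, 400)
    for i in range(60):                              # 60 distinct sources flood UDP/80
        flow(f"198.51.100.{i + 1}", "192.0.2.30", 1024 + i, 80, 17, 200, 300000)
    for i in range(5):                               # benign HTTPS sessions
        flow("10.0.0.7", "192.0.2.10", 51000 + i, 443, 6, 100, 80000)
    rows += ["Summary", "flows,bytes,packets,avg_bps,avg_pps,avg_bpp", "135,0,0,0,0,0"]
    return "\n".join(rows) + "\n"


def parse_nfdump_csv(text):
    """Return flow records as dicts; nfdump's trailing Summary lines lack the
    flow columns and are skipped by the exception handler."""
    flows = []
    for r in csv.DictReader(io.StringIO(text)):
        try:
            flows.append({"sa": r["sa"], "da": r["da"], "dp": int(r["dp"]), "pr": r["pr"],
                          "ipkt": int(r["ipkt"]), "ibyt": int(r["ibyt"])})
        except (KeyError, TypeError, ValueError):
            continue  # Summary block or malformed line
    return flows


def detect(flows, scan_targets=25, scan_max_pkts=2, brute_flows=20,
           brute_ports=(21, 22, 23, 3389), dos_sources=50):
    """Three aggregate rules over one export window. Thresholds are arbitrary
    assumptions for the example and must be tuned for the monitored network."""
    by_src = defaultdict(lambda: {"targets": set(), "flows": 0, "pkts": 0})
    by_login = defaultdict(int)              # (sa, da, dp) -> flows to a login port
    by_dst = defaultdict(lambda: {"sources": set(), "pkts": 0})
    for f in flows:
        s = by_src[f["sa"]]
        s["targets"].add((f["da"], f["dp"]))
        s["flows"] += 1
        s["pkts"] += f["ipkt"]
        if f["dp"] in brute_ports:
            by_login[(f["sa"], f["da"], f["dp"])] += 1
        d = by_dst[f["da"]]
        d["sources"].add(f["sa"])
        d["pkts"] += f["ipkt"]

    alerts = []
    # Port scan: many distinct (host, port) targets reached with tiny flows.
    for sa, s in by_src.items():
        if len(s["targets"]) >= scan_targets and s["pkts"] / s["flows"] <= scan_max_pkts:
            alerts.append({"type": "port_scan", "src": sa,
                           "distinct_targets": len(s["targets"]), "flows": s["flows"]})
    # Brute force: repeated short connections from one source to one login port.
    for (sa, da, dp), n in by_login.items():
        if n >= brute_flows:
            alerts.append({"type": "brute_force", "src": sa, "dst": da, "port": dp, "flows": n})
    # DDoS: one destination receiving traffic from an unusual number of sources.
    for da, d in by_dst.items():
        if len(d["sources"]) >= dos_sources:
            alerts.append({"type": "ddos", "dst": da,
                           "distinct_sources": len(d["sources"]), "packets": d["pkts"]})
    return alerts


def to_jsonl(alerts, source="nfdump"):
    """One JSON object per line for Filebeat, Logstash, or a Splunk file/HEC input."""
    return "\n".join(json.dumps(dict(a, source=source), sort_keys=True) for a in alerts)


if __name__ == "__main__":
    # Usage (nfcapd file name hypothetical):
    #   nfdump -r /var/nfsen/profiles-data/live/router/nfcapd.201401151000 -o csv | python3 flow_alerts.py
    text = sys.stdin.read() if not sys.stdin.isatty() else build_sample()
    print(to_jsonl(detect(parse_nfdump_csv(text))))
```

Run per nfcapd file from cron (or from an nfsen plugin hook) and append the JSON lines to a file that Filebeat or a Splunk monitor input watches; alerting on `type` then lives in the SIEM rather than in nfsen. Per-file aggregation means a scan spread over several five-minute files will be missed unless state is carried across runs, and NetFlow sampling ratios must be folded into the packet thresholds.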