Hi Nick,
On 17.04.23 10:10, Nikolaos Milas via Nfsen-discuss wrote:
Hello everyone, I would like to ask everyone using nfsen and Peter (Haag) about nfsen automation features.
This all depends on the number of flows in your network. Pushing alerts into any other system is relatively easy to do. Pumping all flows into an ELK stack or the like requires high resources. Nfdump can output JSON-formatted flow records, which can be absorbed by any other system.

Please note, nfsen is old code and will not get new features. It's maintained at GitHub as many users were asking for compatibility with nfdump-1.7:
https://github.com/phaag/nfsen

In general I would recommend moving any discussions to GitHub:
For old nfsen discussions: https://github.com/phaag/nfsen/discussions
or nfdump discussions: https://github.com/phaag/nfdump/discussions

Of course, finally you need to select those solutions suited best for your problem.

- Peter
I know that nfsen includes features for alerts but I was wondering whether there have been implementations that integrate nfsen with Splunk or Elastic / ELK Stack and/or guidelines to follow with such implementation.

IMHO, integrating nfsen (or probably nfdump only?) with the above (i.e. Splunk or Elastic / ELK Stack) could produce significant benefits in automation and monitoring of a whole network and might be able to be configured to detect DoS/DDoS, port scans, brute force attacks etc. and produce alerts for direct response.

By the way, back from 2014 there is an nfsen plugin for detecting DDoS attacks (https://github.com/CERT-GOV-GE/gabriel). Has anyone used it? Are there other similar plugins that provide similar functionality? Your experience with them?

Cheers,
Nick

_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
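
Added example, not part of the original thread and not code from the nfsen or nfdump projects: one way to turn nfdump's JSON flow output (`nfdump -o json`) into alert events that a log shipper can forward to Splunk or an ELK stack, here using a distinct-destination-port count per source/destination pair as a port-scan indicator. The record field names, the sample flows and the threshold are assumptions; check the field names against the JSON your nfdump version emits.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `nfdump -o json` output (a JSON array of flow
# records). Field names are an assumption; verify them for your nfdump version.
SAMPLE = json.dumps(
    [{"proto": 6, "src4_addr": "198.51.100.7", "dst4_addr": "192.0.2.10",
      "src_port": 40000 + p, "dst_port": p, "in_packets": 1, "in_bytes": 44}
     for p in range(20, 60)]
    + [{"proto": 6, "src4_addr": "203.0.113.5", "dst4_addr": "192.0.2.10",
        "src_port": 51000 + i, "dst_port": 443, "in_packets": 12, "in_bytes": 9000}
       for i in range(30)]
    + [{"proto": 6, "src6_addr": "2001:db8::1", "dst6_addr": "2001:db8::2",
        "src_port": 50000, "dst_port": 22, "in_packets": 3, "in_bytes": 180},
       {"proto": 1, "src4_addr": "198.51.100.7", "dst4_addr": "192.0.2.10"}]
)

def addr(rec, side):
    """Return the IPv4 or IPv6 address for 'src' or 'dst', or None."""
    return rec.get(f"{side}4_addr") or rec.get(f"{side}6_addr")

def port_scan_alerts(flows_json, min_ports=25):
    """Flag (src, dst) pairs where src touched >= min_ports distinct dst ports."""
    ports = defaultdict(set)
    flows = defaultdict(int)
    for rec in json.loads(flows_json):
        src, dst, dport = addr(rec, "src"), addr(rec, "dst"), rec.get("dst_port")
        if rec.get("proto") not in (6, 17) or None in (src, dst, dport):
            continue  # skip ICMP and records lacking the fields we need
        ports[(src, dst)].add(int(dport))
        flows[(src, dst)] += 1
    alerts = []
    for (src, dst), seen in sorted(ports.items()):
        if len(seen) >= min_ports:
            alerts.append({"alert": "possible_port_scan", "src": src, "dst": dst,
                           "distinct_dst_ports": len(seen), "flows": flows[(src, dst)]})
    return alerts

if __name__ == "__main__":
    # One JSON object per line is easy for a log shipper to forward.
    for alert in port_scan_alerts(SAMPLE):
        print(json.dumps(alert))
```

Only the alert events leave the collector in this arrangement, which keeps the load on the receiving system far below that of forwarding every flow record.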