cisagov / Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
https://cisagov.github.io/Malcolm/

NetFlow v9 input #467

Open mmguero opened 2 weeks ago

mmguero commented 2 weeks ago

@mmguero cloned issue idaholab/Malcolm#248 on 2023-08-22:

A user requested we look into accepting NetFlow v9 as a flow data source. I believe there are netflow inputs for logstash and filebeat already, so the plumbing is there. The majority of the work would be in normalizing the flow data to match, but there's a good chance that it's already going to be targeting ECS anyway.

mmguero commented 2 weeks ago

@StammesOpfer commented on 2024-03-23:

Maybe some collab?

https://github.com/arkime/arkime/issues/1617