For the integration between the SDA and the DCP, the proposed architecture is as follows:
In (1) the exported NetFlow packets are received by the SDA component, which uses Goflow2 as the collector; the NetFlow information is then aggregated to produce bidirectional flow records and the aggregated features.
The output of the SDA (2) is written to PALANTIR's Kafka with the schema Raw NetFlow Data + Aggregated features:
The Consumer Driver must be updated to allow serialization of all NetFlow fields to this CSV schema. The zeek_extra_field is an extra field that must be added because it needs to be considered and filled by the Zeek monitoring component in PALANTIR. The Consumer Driver adds the $ default value to this zeek_extra_field.
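The aggregation and serialization steps above, as an added example that is not the project's own code: unidirectional Goflow2-style records (field names and sample values are constructed assumptions of this example) are merged into bidirectional flows, the aggregated features are derived, and the rows are written as CSV with zeek_extra_field set to the $ default.

```python
import csv, io, json

# Constructed sample (field names are this example's assumption): Goflow2-style JSON lines.
SAMPLE_JSONL = """\
{"time_flow_start": 100, "time_flow_end": 104, "src_addr": "10.0.0.5", "dst_addr": "10.0.0.9", "src_port": 51234, "dst_port": 443, "proto": 6, "bytes": 1200, "packets": 8}
{"time_flow_start": 100, "time_flow_end": 105, "src_addr": "10.0.0.9", "dst_addr": "10.0.0.5", "src_port": 443, "dst_port": 51234, "proto": 6, "bytes": 9800, "packets": 12}
{"time_flow_start": 110, "time_flow_end": 110, "src_addr": "10.0.0.5", "dst_addr": "10.0.0.9", "src_port": 40000, "dst_port": 53, "proto": 17, "bytes": 70, "packets": 1}
"""
# CSV schema for Kafka: raw 5-tuple + aggregated features + the Zeek placeholder column.
CSV_FIELDS = ["src_addr", "dst_addr", "src_port", "dst_port", "proto", "fwd_bytes",
              "fwd_packets", "bwd_bytes", "bwd_packets", "duration", "total_bytes",
              "fwd_bytes_ratio", "zeek_extra_field"]
ZEEK_DEFAULT = "$"  # written by the driver; later filled in by the Zeek monitoring component

def load_flows(jsonl):
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]

def flow_key(f):
    """Direction-independent key so both halves of a conversation merge into one record."""
    a, b = (f["src_addr"], f["src_port"]), (f["dst_addr"], f["dst_port"])
    return (min(a, b), max(a, b), f["proto"])

def aggregate(flows):
    """Merge unidirectional records into bidirectional flows; the earliest record sets the forward direction."""
    biflows = {}
    for f in sorted(flows, key=lambda r: r["time_flow_start"]):
        rec = biflows.setdefault(flow_key(f), {
            "src_addr": f["src_addr"], "dst_addr": f["dst_addr"], "src_port": f["src_port"],
            "dst_port": f["dst_port"], "proto": f["proto"], "fwd_bytes": 0, "fwd_packets": 0,
            "bwd_bytes": 0, "bwd_packets": 0, "start": f["time_flow_start"], "end": 0})
        side = "fwd" if (f["src_addr"], f["src_port"]) == (rec["src_addr"], rec["src_port"]) else "bwd"
        rec[side + "_bytes"] += f["bytes"]
        rec[side + "_packets"] += f["packets"]
        rec["end"] = max(rec["end"], f["time_flow_end"])
    rows = []
    for rec in biflows.values():
        total = rec["fwd_bytes"] + rec["bwd_bytes"]
        rec.update(duration=rec["end"] - rec["start"], total_bytes=total,
                   fwd_bytes_ratio=round(rec["fwd_bytes"] / total, 3) if total else 0.0,
                   zeek_extra_field=ZEEK_DEFAULT)
        rows.append({k: rec[k] for k in CSV_FIELDS})
    return rows

def to_csv(rows):
    buf = io.StringIO()  # header plus one line per bidirectional flow, as pushed to Kafka
    writer = csv.DictWriter(buf, fieldnames=CSV_FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```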