idaholab / Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
https://idaholab.github.io/Malcolm/

NetFlow v9 input #248

Open mmguero opened 10 months ago

mmguero commented 10 months ago

A user requested we look into accepting NetFlow v9 as a flow data source. I believe there are NetFlow inputs for Logstash and Filebeat already, so the plumbing is there. The majority of the work would be in normalizing the flow data to match, but there's a good chance that it's already going to be targeting ECS anyway.
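The normalization step this comment describes, as an added example that is not Malcolm's code nor part of the Logstash or Filebeat NetFlow inputs: a minimal NetFlow v9 (RFC 3954) decoder that reads the packet header, caches template FlowSets per exporter, and emits each data record as an ECS-style document. The sample packet is constructed inline, and the field-to-ECS mapping (`FIELD_MAP`, `PROTO_NAMES`) is an illustrative assumption rather than Malcolm's actual schema. Records whose template has not been seen yet are skipped rather than guessed at, which is the main edge case a flow collector has to handle.

```python
"""Minimal NetFlow v9 -> ECS-style normalizer (added example, not Malcolm's code)."""
import socket
import struct
from datetime import datetime, timezone

# NetFlow v9 field types (RFC 3954) and the ECS field each is mapped to.
# The mapping itself is an assumption for this example.
FIELD_MAP = {
    1: "network.bytes",        # IN_BYTES
    2: "network.packets",      # IN_PKTS
    4: "network.iana_number",  # PROTOCOL
    7: "source.port",          # L4_SRC_PORT
    8: "source.ip",            # IPV4_SRC_ADDR
    11: "destination.port",    # L4_DST_PORT
    12: "destination.ip",      # IPV4_DST_ADDR
}
IP_FIELDS = {8, 12}
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

HEADER = struct.Struct("!HHIIII")   # version, count, sys_uptime, unix_secs, sequence, source_id
FLOWSET_HDR = struct.Struct("!HH")  # flowset_id, length (length includes this 4-byte header)


def _decode_field(ftype, raw):
    if ftype in IP_FIELDS and len(raw) == 4:
        return socket.inet_ntoa(raw)
    return int.from_bytes(raw, "big")


def parse_netflow_v9(packet, templates=None):
    """Parse one export packet into a list of ECS-style dicts.

    `templates` is keyed by (source_id, template_id) and should be shared across
    calls: exporters send templates periodically, and data FlowSets that arrive
    before their template is known are skipped, not decoded by guesswork.
    """
    if templates is None:
        templates = {}
    if len(packet) < HEADER.size:
        raise ValueError("truncated NetFlow v9 header")
    version, _count, _uptime, unix_secs, _seq, source_id = HEADER.unpack_from(packet, 0)
    if version != 9:
        raise ValueError(f"unsupported NetFlow version {version}")
    stamp = datetime.fromtimestamp(unix_secs, timezone.utc).isoformat()
    records = []
    offset = HEADER.size
    while offset + FLOWSET_HDR.size <= len(packet):
        flowset_id, length = FLOWSET_HDR.unpack_from(packet, offset)
        if length < FLOWSET_HDR.size or offset + length > len(packet):
            raise ValueError("bad FlowSet length")
        body = packet[offset + FLOWSET_HDR.size:offset + length]
        if flowset_id == 0:
            # Template FlowSet: repeated (template_id, field_count, (type, len)*)
            pos = 0
            while pos + 4 <= len(body):
                template_id, field_count = struct.unpack_from("!HH", body, pos)
                pos += 4
                fields = []
                for _ in range(field_count):
                    fields.append(struct.unpack_from("!HH", body, pos))
                    pos += 4
                templates[(source_id, template_id)] = fields
        elif flowset_id >= 256:
            # Data FlowSet: fixed-size records per the cached template, then padding
            fields = templates.get((source_id, flowset_id))
            rec_len = sum(flen for _, flen in fields) if fields else 0
            pos = 0
            while rec_len and pos + rec_len <= len(body):
                doc = {"@timestamp": stamp, "event.category": "network"}
                for ftype, flen in fields:
                    name = FIELD_MAP.get(ftype)
                    if name:
                        doc[name] = _decode_field(ftype, body[pos:pos + flen])
                    pos += flen
                if "network.iana_number" in doc:
                    proto = doc["network.iana_number"]
                    doc["network.transport"] = PROTO_NAMES.get(proto, str(proto))
                records.append(doc)
        # FlowSet ids 1..255 are reserved (e.g. options templates) and skipped here
        offset += length
    return records


def build_sample_packet(include_template=True):
    """Constructed sample: template 256 plus one data FlowSet holding two flows."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]
    tmpl_body = struct.pack("!HH", 256, len(fields)) + b"".join(
        struct.pack("!HH", t, n) for t, n in fields)
    tmpl = FLOWSET_HDR.pack(0, FLOWSET_HDR.size + len(tmpl_body)) + tmpl_body

    def flow(src, dst, sport, dport, proto, nbytes, npkts):
        return (socket.inet_aton(src) + socket.inet_aton(dst)
                + struct.pack("!HHBII", sport, dport, proto, nbytes, npkts))

    data_body = (flow("10.0.0.5", "192.0.2.10", 51234, 443, 6, 4096, 12)
                 + flow("10.0.0.7", "192.0.2.53", 40000, 53, 17, 120, 1))
    data_body += b"\x00" * ((4 - len(data_body) % 4) % 4)  # pad to 32-bit boundary
    data = FLOWSET_HDR.pack(256, FLOWSET_HDR.size + len(data_body)) + data_body
    header = HEADER.pack(9, 2, 123456, 1700000000, 1, 42)
    return header + (tmpl if include_template else b"") + data


if __name__ == "__main__":
    for rec in parse_netflow_v9(build_sample_packet()):
        print(rec)
```

Feeding the constructed packet through `parse_netflow_v9` yields two documents with `source.ip`, `destination.port`, `network.transport` and byte/packet counts filled in; feeding the data-only variant first, with an empty template cache, yields nothing until a packet carrying template 256 has been seen.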

StammesOpfer commented 3 months ago

Maybe some collab? https://github.com/arkime/arkime/issues/1617