robcowart / elastiflow

Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack

How are the terms appearing on the lower Tag Cloud in Overview determined? #150

Closed pukkita closed 5 years ago

pukkita commented 5 years ago

Screenshot 2018-07-31 at 10:20:32

What causes e.g. bruteforce to appear? Does Elastiflow analyze traffic patterns for this?

robcowart commented 5 years ago

It is based on IP Reputation-related tags. There is a dictionary ip_rep_basic.yml that is built from various OSINT sources. All public IPs are checked to determine any relevant reputation tags. The ip_rep_basic.yml dictionary will be updated with each release.
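To make the mechanism concrete, here is an added illustration of the lookup described in the answer above. It is example code written for this page, not ElastiFlow's own Logstash pipeline: the in-memory dictionary standing in for ip_rep_basic.yml, its layout (IP address to list of tags), the flow field names `src_addr` / `dst_addr`, and the sample addresses (RFC 5737 documentation ranges, treated as "public" for the demo) are all constructed assumptions. The point it shows is that a term such as `bruteforce` comes from a reputation lookup on the public addresses in each flow, not from analysing the traffic pattern itself, and that the Tag Cloud is just a count of those tags across flows.

```python
import ipaddress
from collections import Counter

# Constructed stand-in for the ip_rep_basic.yml dictionary. The real file's layout
# is not shown on the page, so this shape (IP -> list of tags) is an assumption.
IP_REP_BASIC = {
    "198.51.100.23": ["bruteforce", "scanner"],
    "203.0.113.7": ["spam"],
    "192.0.2.99": ["bruteforce"],
}

# Constructed sample flow records; field names are an assumption for this example.
SAMPLE_FLOWS = [
    {"src_addr": "10.1.2.3", "dst_addr": "198.51.100.23"},
    {"src_addr": "192.168.0.5", "dst_addr": "203.0.113.7"},
    {"src_addr": "192.0.2.99", "dst_addr": "10.1.2.3"},
    {"src_addr": "10.1.2.3", "dst_addr": "10.1.2.4"},      # internal only: no lookup
    {"src_addr": "198.51.100.23", "dst_addr": "10.9.9.9"},
]

# Simplified non-public ranges (RFC 1918, loopback, link-local, CGNAT, multicast,
# plus the IPv6 equivalents). Deliberately not a full RFC 6890 list so that the
# documentation addresses above count as "public" for the demonstration.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::1/128", "fc00::/7", "fe80::/10",
)]


def is_public(addr):
    """True if the address is outside every range in NON_PUBLIC."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in NON_PUBLIC)


def reputation_tags(addr, dictionary=IP_REP_BASIC):
    """Look up reputation tags for a public IP; private/internal IPs are never checked."""
    if not is_public(addr):
        return []
    return list(dictionary.get(addr, []))


def enrich_flow(flow, dictionary=IP_REP_BASIC):
    """Return a copy of the flow with a sorted, de-duplicated 'tags' list attached."""
    tags = set()
    for field in ("src_addr", "dst_addr"):
        tags.update(reputation_tags(flow[field], dictionary))
    enriched = dict(flow)
    enriched["tags"] = sorted(tags)
    return enriched


def tag_cloud(flows, dictionary=IP_REP_BASIC):
    """Count how often each reputation tag occurs across flows (the Tag Cloud data)."""
    counts = Counter()
    for flow in flows:
        counts.update(enrich_flow(flow, dictionary)["tags"])
    return counts


if __name__ == "__main__":
    for tag, n in tag_cloud(SAMPLE_FLOWS).most_common():
        print(f"{tag}: {n}")
```

Two things worth keeping in mind when reading the Tag Cloud this way: a tag reflects the reputation the dictionary assigns to an address at the time the flow was indexed, so it is only as current as the dictionary that was shipped with that release, and an internal-only flow (both endpoints private) never receives tags because private addresses are not looked up at all.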

pukkita commented 5 years ago

Superb, thanks!