elastiflow - Network flow Monitoring (Netflow, sFlow and IPFIX) with the Elastic Stack

  •        314

ElastiFlow™ provides network flow data collection and visualization using the Elastic Stack (Elasticsearch, Logstash and Kibana). It supports Netflow v5/v9, sFlow and IPFIX flow types (1.x versions support only Netflow v5/v9). The following dashboards are provided.

https://github.com/robcowart/elastiflow

Tags
Implementation
License
Platform

   




Related Projects

sof-elk - Configuration files for the SOF-ELK VM, used in SANS FOR572

  •    Python

This repository contains the configuration and support files for the SANS FOR572 SOF-ELK® VM Appliance. SOF-ELK® is a “big data analytics” platform focused on the typical needs of computer forensic investigators/analysts and information security operations personnel. The platform is a customized build of the open source ELK stack, consisting of the Elasticsearch storage and search engine, Logstash ingest and enrichment system, and the Kibana dashboard frontend. With a significant amount of customization and ongoing development, SOF-ELK® users can avoid the typically long and involved setup process the ELK stack requires. Instead, they can simply download the pre-built and ready-to-use SOF-ELK® virtual appliance that consumes various source data types (numerous log types as well as NetFlow), parsing out the most critical data and visualizing it on several stock dashboards. Advanced users can build visualizations the suit their own investigative or operational requirements, optionally contributing those back to the primary code repository.

elk-docker - Elasticsearch, Logstash, Kibana (ELK) Docker image

  •    Shell

This Docker image provides a convenient centralised log server and log management web interface, by packaging Elasticsearch, Logstash, and Kibana, collectively known as ELK. See the ELK Docker image documentation web page for complete instructions on how to use this image.

HELK - The Incredible HELK

  •    Shell

A Hunting ELK (Elasticsearch, Logstash, Kibana) with advanced analytic capabilities.At the end of the HELK installation, you will have a similar output with the information you need to access the primary HELK components. Remember that the default username and password for the HELK are helk:hunting.

docker-elk - The ELK stack powered by Docker and Compose.

  •    Dockerfile

Run the latest version of the Elastic stack with Docker and Docker Compose. It will give you the ability to analyze any data set by using the searching/aggregation capabilities of Elasticsearch and the visualization power of Kibana.

VulnWhisperer - Create actionable data from your Vulnerability Scans

  •    Python

VulnWhisperer is a vulnerability data and report aggregator. VulnWhisperer will pull all the reports and create a file with a unique filename which is then fed into logstash. Logstash extracts data from the filename and tags all of the information inside the report (see logstash_vulnwhisp.conf file). Data is then shipped to elasticsearch to be indexed. The following instructions should be utilized as a Sample Guide in the absence of an existing ELK Cluster/Node. This will cover a Debian example install guide of a stand-alone node of Elasticsearch & Kibana.


JustLog - JustLog brings logging on iOS to the next level

  •    Swift

JustLog takes logging on iOS to the next level. It supports console, file and remote Logstash logging via TCP socket with no effort. Support for logz.io available. At Just Eat, logging and monitoring are fundamental parts of our job as engineers. Whether you are a back-end engineer or a front-end one, you'll often find yourself in the situation where understanding how your software behaves in production is important, if not critical. The ELK stack for real-time logging has gained great adoption over recent years, mainly in the back-end world where multiple microservices often interact with each other.

vflow - Enterprise Network Flow Collector (IPFIX, sFlow, Netflow)

  •    Go

High-performance, scalable and reliable IPFIX, sFlow and Netflow collector (written in pure Golang).You can download and install pre-built debian package as below (RPM and Linux binary are available).

elasticsearch-logstash-index-mgmt - Bash scripts for managing backup, delete, and restore of elasticsearch indexes created by logstash

  •    Shell

Please note that Elasticsearch provides the python based Curator which manages closing/deleting and maintenance with lots of tuning capabilities. It is worth investigating Curator as an elasticsearch-maintained solution for your cluster's time-based index maintenance needs. If you are using Curator with Elasticsearch >= 1.0.0 (and Hubot) and you want a way to restore old indices, try hubot-elk-restore.

logstash-best-practice-cn - 本书已出版《ELK Stack权威指南》

  •    

本书已出版《ELK Stack权威指南》

NFDUMP - Netflow processing tools

  •    C

nfdump is a set of tools to collect and process netflow data. It's fast and has a powerful filter pcap like syntax. It supports netflow versions v1, v5, v7, v9 and IPFIX as well as a limited set of sflow and is IPv6 compatible. For CISCO ASA devices, which export Netflow Security Event Loging (NSEL) records, please use nfdump-1.5.8-2-NSEL.

Netflow Simulator in C#

  •    CSharp

Simulate netflow packets for version 1, 5, 7, 8,9. This can be helpful for development of netflow management software without access to a real netflow device. It also provides preliminary support for IPFIX and sFlow. .

MozDef - MozDef: The Mozilla Defense Platform

  •    Javascript

The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.

logstash - Logstash - transport and process your logs, events, or other data

  •    Ruby

Logstash is part of the Elastic Stack along with Beats, Elasticsearch and Kibana. Logstash is an open source, server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it, and then sends it to your favorite "stash." (Ours is Elasticsearch, naturally.). Logstash has over 200 plugins, and you can write your own very easily as well.The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.

docker-elk - 🐳 Creating an ELK stack could not be easier.

  •    

Creating an ELK stack could not be easier. Then, browse: http://localhost:8080 (replace localhost with your public IP address).

ELKstack-guide-cn - ELK Stack 中文指南

  •    

ELK Stack 中文指南

kibi - Kibi is a friendly - kept in sync - Kibana fork which add support for joins across indexes and external sources, tabbed navigation interface and more

  •    Javascript

Kibi extends Kibana 5.5.2 with data intelligence features; the core feature of Kibi is the capability to join and filter data from multiple Elasticsearch indexes and from SQL/NOSQL data sources ("external queries").In addition, Kibi provides UI features and visualizations like dashboard groups, tabs, cross entity relational navigation buttons, an enhanced search results table, analytical aggregators, HTML templates on query results, and much more.

LogTrail - Log Viewer plugin for Kibana

  •    Javascript

LogTrail is a plugin for Kibana to view, analyze, search and tail log events from multiple hosts in realtime with devops friendly interface inspired by Papertrail.

docker-logstash - Docker image for Logstash 1.4

  •    Shell

This is a highly configurable logstash (1.4.5) image running Elasticsearch (1.7.0) and Kibana (3.1.2). Any files in /opt/logstash/conf.d with the .conf extension will get loaded by logstash.

kibana2 - Kibana was acquired by Elastic in 2013. See elastic/kibana. More info at http://kibana.org

  •    Javascript

Kibana is a browser based interface for Logstash and ElasticSearch that allows you to efficiently search, visualize, analyze and otherwise make sense of your logs. To run Kibana with JRuby, e.g. if you have to run in on a windows machine, you can create a (executable) WAR archive.