This repo will help you collect Netflow (versions 1, 5, 6, 7, 9 and IPFIX) from network devices. It stores all the information needed for further analysis in InfluxDB and visualizes it using Grafana.
Currently we are using InfluxDB v2+ for storing data. If you need the older version, see this repository.
- Supports almost all Netflow versions: to decode Netflow we are using the tehmaze go module, which supports Netflow versions 1, 5, 6, 7, 9 & IPFIX.
- Container ready: just run a simple shell script to prepare your environment & run the containerized netflow collector.
- IP Reputation check: check source & destination IPs for reputation & potential threats.
  - Currently we are using IPSum from this repo.
  - OpenIntelligence24.com will be available soon. This will be a community-based intelligence source for checking the reputation of IPs, domains, etc.
- Machine Learning models & techniques to find threats like DDoS attacks through packet metadata.
- Geolocation using the IP2Location free LITE database (IPv4 & IPv6).
- Fetch AS Number & Name from IP if possible.
- Fetch Domain Name from IP if possible (using the PTR record).
- Multiple data exporters:
  - InfluxDB
  - Splunk (CEF)
  - Zabbix
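As an added example (not code from the gonfcollector project or the tehmaze module it uses), here is a stand-alone Go decoder for the NetFlow v5 datagram layout the collector ingests, built on encoding/binary. The record count in the header is treated as untrusted input, and SamplePacket builds a constructed one-flow datagram for offline testing.

```go
package main
import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// NetFlow v5 wire layout (big-endian): a 24-byte header, then Count 48-byte records.
type V5Header struct {
	Version, Count                               uint16
	SysUptime, UnixSecs, UnixNsecs, FlowSequence uint32
	EngineType, EngineID                         uint8
	SamplingInterval                             uint16
}
type V5Record struct {
	SrcAddr, DstAddr, NextHop    [4]byte
	Input, Output                uint16
	Packets, Octets, First, Last uint32
	SrcPort, DstPort             uint16
	Pad1, TCPFlags, Proto, Tos   uint8
	SrcAS, DstAS                 uint16
	SrcMask, DstMask             uint8
	Pad2                         uint16
}
// DecodeV5 parses one datagram. Count is untrusted wire data, so records are
// read only while bytes remain and a truncated packet is reported as an error.
func DecodeV5(pkt []byte) (V5Header, []V5Record, error) {
	r := bytes.NewReader(pkt)
	var h V5Header
	if err := binary.Read(r, binary.BigEndian, &h); err != nil || h.Version != 5 {
		return h, nil, fmt.Errorf("bad header (version %d): %v", h.Version, err)
	}
	var recs []V5Record
	for i := 0; i < int(h.Count); i++ {
		var rec V5Record
		if err := binary.Read(r, binary.BigEndian, &rec); err != nil {
			return h, recs, fmt.Errorf("record %d truncated: %w", i, err)
		}
		recs = append(recs, rec)
	}
	return h, recs, nil
}
// SamplePacket is constructed test data, not a capture: one TCP flow 10.0.0.1 -> 203.0.113.9:443.
func SamplePacket() []byte {
	var b bytes.Buffer
	binary.Write(&b, binary.BigEndian, V5Header{Version: 5, Count: 1, FlowSequence: 1})
	binary.Write(&b, binary.BigEndian, V5Record{SrcAddr: [4]byte{10, 0, 0, 1}, DstAddr: [4]byte{203, 0, 113, 9}, Packets: 10, Octets: 1500, SrcPort: 44444, DstPort: 443, Proto: 6})
	return b.Bytes()
}
func main() { fmt.Println(DecodeV5(SamplePacket())) }
```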
There are multiple ways to deploy the "netflow collector" app & the easiest is the all-in-one deployment. This method runs the influxdb, grafana & gonfcollector docker containers using a shell script. No further configuration is needed & everything will be downloaded/configured by the shell script.
- Download the latest version:
  wget https://download.openintelligence24.com/latest.sh
- Make the shell script executable:
  chmod +x latest.sh
- Run the downloaded shell script:
  ./latest.sh
- You might be asked to enter your user's password during the execution.
- At the end, it will tell you how to run the container.
- REQUIREMENTS: docker, docker-compose & wget are required!
- InfluxDB default credentials:
  - Username: admin
  - Password: influx_admin_secret
- Grafana default credentials:
  - Username: admin
  - Password: secret
- Project path: the shell script will create a directory called oi24 (abbr. of openintelligence24.com) and a subdirectory nfcollector inside your HOME directory. The InfluxDB database, grafana dashboards, plugins, etc. are in the vendors sub-directory.
  - To open this directory run:
    cd $HOME/oi24/nfcollector
- Start & Stop Containers:
  - Start:
    cd $HOME/oi24/nfcollector && docker-compose up -d
  - Stop:
    cd $HOME/oi24/nfcollector && docker-compose down