"Your security operations or network operations tools cannot run in isolation anymore. True SOC operations is about cohesion of data."
The common need I get from many Network & Security Operations Center (NOC & SOC) analysts is their wish to integrate data from their various feeds into UI frameworks and dashboards. What about NetFlow data itself? NetFlow is basically (at a minimum) a 5-tuple summary of network traffic that crosses your perimeter (firewall or router). If your NetFlow data goes into a database, there are a few tools to translate your database queries to JSON/XML and make these available over web services. In this blog I am introducing a project that will help expose SiLK NetFlow data over web services as JSON/XML/CSV, so that you are able to integrate SiLK data into your NOC/SOC dashboard, with some basic examples. The project is on GitHub and is called silkweb.