Saturday, September 19, 2015

SilkWeb - Netflow via Webservices

"Your security operations or network operations tools cannot run in isolation anymore. True SOC operations is about cohesion of data."

A common need I hear from many Network and Security Operations Center (NOC and SOC) analysts is to integrate data from their various feeds into UI frameworks and dashboards. What about NetFlow data itself? NetFlow is, at a minimum, a 5-tuple summary of the network traffic that crosses your perimeter (firewall or router). If your NetFlow data goes into a database, there are a few tools that translate your database queries to JSON/XML and make the results available over web services. In this blog post I introduce a project that exposes SiLK NetFlow data over web services as JSON, XML or CSV, so that you can integrate SiLK data into your NOC/SOC dashboard, with some basic examples. The project is on GitHub and is called silkweb.
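As an added illustration, not code from the silkweb project, the following Python converts pipe-delimited flow text in the layout that SiLK's rwcut prints into the JSON, CSV and XML forms a dashboard would consume. The sample records and the function names `parse_rwcut` and `render` are constructed for this example.

```python
import csv
import io
import json
from xml.etree import ElementTree as ET

# Constructed sample: padded, pipe-delimited columns with a trailing delimiter,
# as rwcut prints them. Addresses come from the documentation ranges.
SAMPLE = """\
            sIP|            dIP|sPort|dPort|pro|   packets|     bytes|
     192.0.2.10|   198.51.100.7|51514|  443|  6|        12|      4380|
     192.0.2.11|   198.51.100.9|53211|   53| 17|         1|        76|
"""

def _cells(line):
    """Split one line on '|' and drop the empty cell after the trailing delimiter."""
    parts = [p.strip() for p in line.split("|")]
    return parts[:-1] if parts and parts[-1] == "" else parts

def parse_rwcut(text):
    """Return a list of dicts keyed by the column titles in the header line."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    header = _cells(lines[0])
    records = []
    for ln in lines[1:]:
        cells = _cells(ln)
        if len(cells) != len(header):
            raise ValueError(f"column count mismatch: {ln!r}")
        # Ports, protocol and counters become integers; addresses stay strings.
        records.append({k: int(v) if v.isdigit() else v for k, v in zip(header, cells)})
    return records

def render(records, fmt):
    """Serialize flow records as 'json', 'csv' or 'xml'."""
    if fmt == "json":
        return json.dumps(records)
    if fmt == "csv":
        buf = io.StringIO()
        fields = list(records[0]) if records else []
        writer = csv.DictWriter(buf, fieldnames=fields, lineterminator="\n")
        writer.writeheader()
        writer.writerows(records)
        return buf.getvalue()
    if fmt == "xml":
        root = ET.Element("flows")
        for rec in records:
            flow = ET.SubElement(root, "flow")
            for key, value in rec.items():
                ET.SubElement(flow, key).text = str(value)
        return ET.tostring(root, encoding="unicode")
    raise ValueError(f"unsupported format: {fmt}")
```

If a web service wraps this, the format name and any query parameters should be checked against a fixed allow-list before they reach a SiLK command line.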