Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FEATURE: Add dashboard for NetFlow #13009

Closed
dougburks opened this issue May 14, 2024 · 1 comment
Closed

FEATURE: Add dashboard for NetFlow #13009

dougburks opened this issue May 14, 2024 · 1 comment
Assignees
@dougburks
Milestone
2.4.70

Comments

@dougburks
Copy link
Contributor

dougburks commented May 14, 2024
edited
Loading

As a defender, I'd like a dashboard specific to NetFlow records:

event.module:netflow | groupby source.ip | groupby -sankey source.ip destination.ip | groupby destination.ip | groupby destination.port | groupby network.type | groupby network.transport | groupby network.direction | groupby netflow.type | groupby netflow.exporter.version  | groupby observer.ip | groupby source.as.organization.name | groupby source.geo.country_name | groupby destination.as.organization.name | groupby destination.geo.country_name

    ':netflow:':
        - soc_timestamp
        - event.dataset
        - source.ip
        - source.port
        - destination.ip
        - destination.port
        - network.type
        - network.transport
        - network.direction
        - netflow.type
        - netflow.exporter.version
        - observer.ip
@dougburks dougburks self-assigned this May 14, 2024
@dougburks dougburks added this to the 2.4.70 milestone May 14, 2024
dougburks added a commit that referenced this issue May 14, 2024
@dougburks
FEATURE: Add NetFlow dashboard #13009
5b45c80
@dougburks dougburks changed the title FEATURE: Add netflow dashboard FEATURE: Add NetFlow dashboard May 14, 2024
dougburks added a commit that referenced this issue May 14, 2024
@dougburks
Merge pull request #13010 from Security-Onion-Solutions/dougburks-pat…
1d16f6b 
…ch-1

FEATURE: Add NetFlow dashboard #13009
dougburks added a commit that referenced this issue May 14, 2024
@dougburks
FEATURE: Add NetFlow dashboard #13009
67645a6
dougburks added a commit that referenced this issue May 14, 2024
@dougburks
Merge pull request #13011 from Security-Onion-Solutions/dougburks-pat…
27ad84e 
…ch-1

FEATURE: Add NetFlow dashboard #13009
@dougburks dougburks changed the title FEATURE: Add NetFlow dashboard FEATURE: Add dashboard for NetFlow May 14, 2024
@dougburks
Copy link
Contributor Author

Tested and verified:
image

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 14, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@dougburks dougburks

Labels
None yet
Projects
None yet
Milestone
2.4.70
Development

No branches or pull requests
1 participant
@dougburks