This repository contains the source code for the graph analysis part of the ZIEM project (SIEM by Zenika). The project collects network traffic into a Kafka cluster, where the data is processed with ksqlDB.
The architecture looks like this:
Network packets are collected in Kafka by the ZIEM platform. The data is then processed by a few ksqlDB scripts (see here) that extract the source and destination IP addresses and count the number of packets exchanged between each pair.
A Neo4j Sink Connector then reads the output topic and writes the records to a Neo4j instance, so the data can be viewed and queried in Neo4j Browser. A Cypher query colours the nodes and edges by origin (internal or external address). An HTML page using neovis.js produces the visualization shown above.
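The following is an added example, not code from the ZIEM repository: it reproduces the pipeline described above offline in Python, so you can check the internal/external classification and the graph shape before wiring up Kafka, ksqlDB and the sink connector. The record field names (`SRC_IP`, `DST_IP`, `PACKETS`), the node label `Host`, the relationship type `SENT_TO` and the `origin` property are assumptions for illustration; the ZIEM ksqlDB scripts and connector mapping may use different names. The sample records are constructed.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample records in the shape the ksqlDB output topic is assumed
# to carry: one JSON record per (src, dst) pair with a packet count.
# Field names are an assumption, not taken from the ZIEM ksqlDB scripts.
SAMPLE_TOPIC_RECORDS = [
    json.dumps({"SRC_IP": "10.0.0.5", "DST_IP": "10.0.0.8", "PACKETS": 42}),
    json.dumps({"SRC_IP": "10.0.0.5", "DST_IP": "93.184.216.34", "PACKETS": 7}),
    json.dumps({"SRC_IP": "8.8.8.8", "DST_IP": "10.0.0.8", "PACKETS": 3}),
    # same pair as the first record: counts must add up, not overwrite
    json.dumps({"SRC_IP": "10.0.0.5", "DST_IP": "10.0.0.8", "PACKETS": 8}),
]


def origin(ip: str) -> str:
    """Classify an address as 'internal' or 'external'.

    ipaddress.is_private covers RFC 1918, loopback, link-local and the other
    IANA special-purpose ranges (note: that includes the documentation
    networks 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24, so do not use
    those as 'external' test data). ip_address() raises ValueError on any
    string that is not an address, which also keeps junk out of the Cypher
    statements built below.
    """
    return "internal" if ipaddress.ip_address(ip).is_private else "external"


def aggregate_edges(records):
    """Sum packet counts per (src, dst) pair, as a ksqlDB GROUP BY would."""
    edges = defaultdict(int)
    for raw in records:
        rec = json.loads(raw)
        edges[(rec["SRC_IP"], rec["DST_IP"])] += int(rec["PACKETS"])
    return dict(edges)


def to_cypher(edges):
    """Emit one MERGE statement per edge.

    Each Host node carries an 'origin' property so a colouring query (or a
    neovis.js config) can key on it. Label and property names are assumed.
    origin() validates both IPs before they are interpolated into the query.
    """
    stmts = []
    for (src, dst), n in sorted(edges.items()):
        stmts.append(
            f"MERGE (s:Host {{ip: '{src}', origin: '{origin(src)}'}}) "
            f"MERGE (d:Host {{ip: '{dst}', origin: '{origin(dst)}'}}) "
            f"MERGE (s)-[r:SENT_TO]->(d) SET r.packets = {n}"
        )
    return stmts


def boundary_crossings(edges):
    """Edges with one internal and one external endpoint: the traffic that
    actually leaves or enters the network, which is what the colouring is
    meant to make visible."""
    return {e: n for e, n in edges.items() if origin(e[0]) != origin(e[1])}


if __name__ == "__main__":
    edges = aggregate_edges(SAMPLE_TOPIC_RECORDS)
    for stmt in to_cypher(edges):
        print(stmt)
    for (src, dst), n in boundary_crossings(edges).items():
        print(f"boundary: {src} ({origin(src)}) -> {dst} ({origin(dst)}), {n} packets")
```

The generated statements are what you would run (or let the sink connector run) against Neo4j; `boundary_crossings` is the same internal/external split applied to edges rather than nodes, which is usually the first thing an analyst wants to filter on in the browser.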