Splunk Netflow dashboard using Network Topology visualization and Network Toolkit add-ons.
HTML-код
- Опубликовано: 6 окт 2024
- Dashboard that helps me understand activity in my home lab looking at netflow data from my OPNsense firewall. This dashboard starts with a simple timechart that gives me a trend of average mb_in across all of my devices. I have OPNsense configured to send netflow data v9 to a Splunk independent stream forward which then sends to my Splunk indexer.
This dashboard utilizes the Network Topology - Custom Visualization and the Network Toolkit to be more interactive and perform WHOIS actions on source IP addresses. You will need to have both of those apps installed for the dashboard to work as intended.
You will also need to adjust the base search of this dashboard to match the index where the netflow data lives. This dashboard uses post processing and you will need to edit the source XML provided.
Network Topology - Custom Visualization:
splunkbase.spl...
Network Toolkit:
splunkbase.spl...
Splunk Stream documentation:
docs.splunk.co...
GoSplunk:
gosplunk.com/
gosplunk.com/a...
OPNsense Netflow Configuration:
docs.opnsense....
travis.
![Natanael Cano - Amor Eterno [Official Video]](http://i.ytimg.com/vi/EO4prCs6WpM/mqdefault.jpg)
You earned a follow.
Amazing video!!
How can i simulate the Nextflow network traffic using Splunk if I don't have real network logs? To use the netflow dashboard.
One way to get simulated data into Splunk is by using the Splunk Event Generator (Eventgen) utility. Here are 2 links for more info: splunkbase.splunk.com/app/1924
splunk.github.io/eventgen/
I have also played around with ChatGPT to help build a process that would generate synthetic data that can be ingested by Splunk.
Another route would be to look into the Splunk makeresults command. Here are 2 links for more info: docs.splunk.com/Documentation/Splunk/latest/SearchReference/Makeresults
lantern.splunk.com/Splunk_Platform/Product_Tips/Searching_and_Reporting/Using_the_makeresults_command
💔 𝙥𝙧𝙤𝙢𝙤𝙨𝙢