dovehawk_flow

https://github.com/tylabs/dovehawk_flow
2 1 2 0 Last Push 9/23/23, 8:06 PM

Dovehawk.io Anonymized Outgoing Flow Collector Module for Zeek

This module collects outgoing flow counts to external IPs across an entire Cluster or Standalone Zeek instance. The local source IPs are not tracked and SUMSTATS is used to sum multiple requests over a specified time period anonymizing and grouping the requests across the entire network.

Local hostnames are stripped to further anonymize the data for external sharing.

Sticker 1 Sticker 2

Screencaps

DoveHawk Flow Reported

Dovehawk Flow Reports

DoveHawk flow.log Local Log

Dovehawk Flow Log

Requirements

Zeek > 3.0

Curl command line version used by ActiveHTTP

Database

See dovehawk_lambda for an AWS Lambda serverless function to store reporting in RDS Aurora.

Contact

@tylabs

Package Version :

Description :

Dovehawk Anonymized Outbound Flow Tracking

Script Dir :

./scripts/

Tags :

netflow, connections, dovehwak, remote, log