Releases: tylabs/dovehawk_flow
Initial version
Capture partial netflow data with Zeek into a central database, both to run historical checks for malware activity and to quality-check new indicators against normal activity. To anonymize activity, this module sums outbound flow from all hosts over a 10-minute period: all sessions from all hosts are combined into a single count of outgoing traffic bytes per destination IP, with no record of which internal host sent them. Inbound traffic is not counted. Because the source host is dropped, a match against the database shows that the network talked to an indicator in that window, not which host did.
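The aggregation the note describes, as an added example written here in Python rather than the module's own Zeek code: it parses a constructed conn.log-style sample, keeps only connections originated from an assumed local address range (Zeek's Site::local_nets; the 10.0.0.0/8 and 192.168.0.0/16 values below are hypothetical), sums orig_bytes per destination IP in 10-minute buckets, and then quality-checks an indicator IP against the resulting baseline. The sample rows, the check_indicator helper and the in-memory table standing in for the central database are not from the project.

```python
"""Offline reimplementation of the per-IP outbound byte aggregation.
Not dovehawk_flow's Zeek code; the conn.log rows below are constructed."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

BUCKET_SECONDS = 600  # 10-minute window, as in the release note

# Assumed local address space (hypothetical); Zeek uses Site::local_nets.
LOCAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Constructed sample in Zeek conn.log TSV layout (subset of fields).
# C3 is an inbound SSH session and must not be counted.
# C4 has orig_bytes unset ("-"), which Zeek writes when no payload was seen.
SAMPLE_CONN_LOG = """\
#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\torig_bytes\tresp_bytes
1700000000.100\tC1\t10.0.0.5\t51000\t203.0.113.10\t443\ttcp\t1500\t20000
1700000120.250\tC2\t10.0.0.7\t51001\t203.0.113.10\t443\ttcp\t2500\t3000
1700000200.000\tC3\t198.51.100.9\t40000\t10.0.0.5\t22\ttcp\t9000\t100
1700000300.000\tC4\t10.0.0.5\t51002\t198.51.100.20\t80\ttcp\t-\t500
1700000700.000\tC5\t10.0.0.9\t51003\t203.0.113.10\t443\ttcp\t700\t800
"""


def parse_conn_log(text):
    """Parse Zeek TSV conn.log text into dicts keyed by the #fields header."""
    fields = None
    records = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue  # other header/footer lines and blanks
        if fields is None:
            raise ValueError("conn.log data before #fields header")
        records.append(dict(zip(fields, line.split("\t"))))
    return records


def is_local(addr):
    ip = ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)


def bucket_start(ts):
    """Floor a Zeek timestamp to the start of its 10-minute window."""
    return int(float(ts)) // BUCKET_SECONDS * BUCKET_SECONDS


def aggregate_outbound(records):
    """Return {(window_start, resp_h): total orig_bytes} for connections a
    local host originated to a non-local host. The originating host is
    dropped, so each window holds one count per destination IP no matter
    how many internal hosts contributed to it."""
    totals = defaultdict(int)
    for r in records:
        if not is_local(r["id.orig_h"]) or is_local(r["id.resp_h"]):
            continue  # inbound or internal-only: not counted
        sent = r["orig_bytes"]
        key = (bucket_start(r["ts"]), r["id.resp_h"])
        totals[key] += 0 if sent == "-" else int(sent)
    return dict(totals)


def check_indicator(totals, indicator):
    """Quality-check an indicator IP against the baseline: the number of
    windows it appears in and the bytes sent to it. An IP the whole network
    talks to in many windows is more likely shared infrastructure than C2."""
    windows = sorted(w for (w, ip) in totals if ip == indicator)
    sent = sum(v for (w, ip), v in totals.items() if ip == indicator)
    return {"windows": len(windows), "bytes": sent,
            "first_seen": windows[0] if windows else None}


if __name__ == "__main__":
    table = aggregate_outbound(parse_conn_log(SAMPLE_CONN_LOG))
    for (window, ip), sent in sorted(table.items()):
        print(window, ip, sent)
    print(check_indicator(table, "203.0.113.10"))
```

The inbound session to 10.0.0.5 never reaches the table, and the two hosts that both contacted 203.0.113.10 in the first window collapse into a single 4000-byte entry, which is the anonymization property the note relies on.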