This App relies on flow data processed by NetFlow Optimizer (NFO) and sent to Splunk in syslog format.
The DDoS Detector for Splunk App and Technology Add-on for NetFlow are designed to work together. To download Add-on please visit https://splunkbase.splunk.com/app/1838/
To download NFO please visit https://www.netflowlogic.com/downloads/
Contact trials@netflowlogic.com and request DDoS Detector Module for NFO.
This Module consists of six independent components, which we call experts, each specializing in its own domain of knowledge. All experts process all the flow records received by NetFlow Optimizer, apply their own analytics, and, if an attack is detected, send messages to the events correlator, indicating the type of detected attack, confidence level, and a trend of the event characteristics dynamics (increasing, steady, or abating). The event correlator combines the information received from the experts, assigns weight to each reported event, and makes a final determination on reporting and its confidence in event validity.
Install DDoS Detector Splunk App and Technology Add-on for NetFlow.
Splunk Node | What to install |
---|---|
Search Head | Add-on and App |
Indexer | Add-on only |
Heavy Forwarder | Add-on only |
Universal Forwarder | None |
Install NFO on a spate server or VM. You can also install Splunk HF or UF together with NFO.
Splunk
Please follow the steps described on Setup page of the App.
NetFlow Optimizer
Upload DDoS Detector Module into NFO and enable it.
Please contact splunk_team@netflowlogic.com if you have questions or need assistance.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.