Does Wazuh support Netflow?

Tekletsadik Tadesse

Jan 24, 2020, 2:45:50 AM
to Wazuh mailing list
Does Wazuh support Netflow? I want to analyze flows of Wazuh events.

Fernando G.

Jan 24, 2020, 3:36:29 AM
to Wazuh mailing list
Hello Tekletsadik Tadesse,
Wazuh is a Host IDS rather than a Network IDS, so I'm afraid it does not support Netflow or any kind of packet analysis technique. However, that being said, we do have a great integration with a few famous NIDS such as Snort or Suricata. For more information you can check the OwlH project.

Hope it helps.

Kind regards,
Fernando G.

jose antonio izquierdo lopez

Jan 25, 2020, 5:15:01 AM
to Wazuh mailing list
Hi Tekletsadik, 

In OwlH we manage flow data directly from traffic listened to over the network by the NIDS solutions we integrate, as Fernando says: Suricata, Zeek.
We can collect Netflow from other devices and provide the flow info as events in the ELK console. As this flow data is quite noisy, you should consider splitting this flow data into different index patterns to avoid creating a mess in the wazuh-index.
Please let us know if you need more details. 

You can contact us using our Slack channel. OwlH Slack

OwlH is part of the Wazuh group/team. 

Best regards, 
Jose A Izquierdo