SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

NetFlow data is often collected for network monitoring and management, but it has many applications for the security analyst. NetFlow data can be used to identify deviations from established traffic baselines, traffic originating from critical systems, and communications with known bad external hosts. Many edge devices support the generation of NetFlow data, but collection and analysis often require commercial tools. Options based on open source and free tools allow an analyst to deploy a solution when commercial products are not available because of budgetary or other organizational constraints. Solutions based on the proposed architecture provide the NetFlow collection resources needed to feed a variety of systems that can then be used for analysis. The reference architecture described uses Ubuntu Server, the nfdump suite of tools, custom Python scripts, and the free version of a commercial tool for analysis.
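The nfdump-plus-Python analysis step the abstract describes, as an added example that is not code from the paper: it parses constructed nfdump `-o csv` output and flags the three conditions named above (deviation from a traffic baseline, traffic from critical systems, contact with known bad hosts). The CSV column names, host lists and baseline values are assumptions to check against your own nfdump version and environment.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the shape of `nfdump -r nfcapd.XXXX -o csv` output
# (column names assumed from nfdump's csv header; trailing summary lines omitted).
SAMPLE_CSV = """ts,te,td,sa,da,sp,dp,pr,ibyt
2024-01-01 10:00:00,2024-01-01 10:00:05,5.0,10.0.0.5,198.51.100.7,51000,443,TCP,2400
2024-01-01 10:00:01,2024-01-01 10:00:09,8.0,10.0.0.5,203.0.113.9,51001,443,TCP,900000
2024-01-01 10:00:02,2024-01-01 10:00:03,1.0,10.0.0.20,192.0.2.44,40000,22,TCP,300
2024-01-01 10:00:04,2024-01-01 10:00:06,2.0,10.0.0.30,198.51.100.7,40010,80,TCP,1200
"""

CRITICAL_HOSTS = {"10.0.0.20"}   # constructed: systems whose egress is always reviewed
KNOWN_BAD = {"192.0.2.44"}       # constructed: external indicators from threat intel
# Constructed baseline: expected bytes sent per source host per collection window
BASELINE_BYTES = {"10.0.0.5": 5000, "10.0.0.20": 5000, "10.0.0.30": 5000}


def parse_flows(text):
    """Parse nfdump CSV text into row dicts, skipping summary/blank lines."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        # summary lines do not carry a numeric input-byte count
        if not row.get("ibyt") or not row["ibyt"].isdigit():
            continue
        rows.append(row)
    return rows


def triage(flows, deviation=10.0):
    """Return (reason, source, detail) tuples for flows worth an analyst's attention."""
    alerts = []
    bytes_per_src = defaultdict(int)
    for f in flows:
        bytes_per_src[f["sa"]] += int(f["ibyt"])
        if f["da"] in KNOWN_BAD or f["sa"] in KNOWN_BAD:
            alerts.append(("known_bad", f["sa"], f["da"]))
        if f["sa"] in CRITICAL_HOSTS:
            alerts.append(("critical_src", f["sa"], f["da"]))
    # Baseline check: a source sending more than `deviation` times its norm
    for src, total in bytes_per_src.items():
        base = BASELINE_BYTES.get(src)
        if base and total > base * deviation:
            alerts.append(("baseline", src, total))
    return alerts


if __name__ == "__main__":
    for alert in triage(parse_flows(SAMPLE_CSV)):
        print(alert)
```

In a deployment the sample text would be replaced by the output of nfdump run against the collector's capture files, and the three lists would come from your asset inventory, threat intelligence feed and historical flow volumes.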
David Mashburn has over 20 years of experience in the information technology field. He is currently Chief Information Security Officer at Embry-Riddle Aeronautical University.