-
Notifications
You must be signed in to change notification settings - Fork 22
NEMEA Appliance
Tomas Cejka edited this page Oct 17, 2016
·
2 revisions
NEMEA Appliance should be:
- standalone
- configurable
- out-of-box deployable
- monitorable and managable system, where all needed and useful parts are already installed and preconfigured.
The appliance should be deployable as a physical machine as well as virtual one.
Some of them might be unused/switched off, depending on deployment.
- flow collection (netflow/IPFIX/...); IPFIXcol; optional
- flow export; NEMEA FlowMeter; optional - may be replaced by IPFIXcol
- flow analysis and detection; NEMEA
- longterm status monitoring; munin
- watching the system status and health with notification (running processes, memory and disk space, incoming data in last N minutes, dropped messages); zabbix client/nagios client;
- alerts visualization; NEMEA Dashboard
- flow visualization; SecurityCloudGUI (depends on nfdump or fdistdump)
- report alerts into Warden; warden client; optional
- configuration; ?
- ipfixcol
- nemea
- munin
- nemea-dashboard
- securitycloudgui
- zabbix-agent
- nagios-node
- warden_client
Deployment of NEMEA on multiple computational nodes with Scatter for distributing flow records in a clever way that does not affect detection results. This brings an idea from our paper (submitted to PAM2017) to real world.
This should be monitorable and managable as well, however, collector and visualization is probably not needed.
The input should be already in UniRec.
The output - alerts should be merged (?) from all nodes and deduplicated (?).
This Appliance should be designed for "big data" in flow monitoring.