There are few interesting projects out there that looks interesting to me, here's the list -
- Network Forensic Search Engine
I haven't really tried them out except Network Forensic Search Engine(Net/Fse), to me Net/Fse is still in early stage where it is basically providing the interface to allow you to search the collected netflow data with your preferred web browser when there's alert for certain network event, I think it is still in its infancies stage as their developers are keen on developing more supports for different kind of data. Net/Fse is using nfdump as back end engine to collect netflow data so it should scale well(I learn this from my past experience) however marketing wise, Net/Fse is smart enough to give its name(Network Forensic Search Engine) that maybe misleading, it is just allowing you to search through the historical netflow or syslog data. For the moment, you can just use nfsen to do the same thing, or better use sguil as you can query the session data that are collected by sancp instantly once you have any alert event. The only advantage of collecting netflow data is because it is built in for most of Cisco based routers and ISP should learn to love them. If you are GUI phobia, argus and silktools are best suited for the job as it has own set of analysis tools to perform in depth flow analysis using CLI.
I don't have much comment about Comixwall and Netams as I haven't tried them out, Comixwall is the firewall system based on OpenBSD, for more detail you can check out here. Netams is more of web based network traffic accounting and monitoring system based on collected netflow data. Maybe I will spend sometime to take closer look at them.
Otherwise, I'm toying with network graphing. There are two graphing toys you should take a look in case you haven't -
All for now, I'm still not into blogging mood but I will keep it up.