Skip to content
/ Azure-flow-logs Public

Azure flow logs to neo4j dashboard for the purpose of threat hunting in flow data.

License

MIT license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

colleybrb/Azure-flow-logs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
azure_logs.ipynb
azure_logs.ipynb
 
 
dashboard.json
dashboard.json
 
 

Repository files navigation

Azure Flow Logs to Neo4j

I was reviewing large amounts of Azure flow data for threat hunting. Kabana was running slow for what I needed. So, I pushed the information to Neo4j and had a default dashboard in Neodash made.

image

Take all data needed export to csv. All nodes have to be unique and contigous. Your relationships can store data that is non contigous and unreliable (such as encrypted bytes are dashes and would cause an error).

There are two main cell blocks in this example

  1. Push all sessions as source and destiantion from csv, and types are all hosts.
  2. Clear the database to rerun the the above.

Notes

  • This is a good way to vizualize large amounts of flow data for a specific event to draw information from all the data.

  • This also includes a dashboard template for neo dash. If you have known queries you would want to run against the data such as port break down in a pie chart or top amount of bytes by source.

Contact

***If you have issues and need help reach out to colleybrb@gmail.com

MIT

About

Azure flow logs to neo4j dashboard for the purpose of threat hunting in flow data.

Topics

python networking dashboard neo4j azure network-flow threat-hunting network-analysis

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages