This App relies on flow data processed by NetFlow Optimizer (NFO) and sent to Splunk in syslog format.
The DDoS Detector for Splunk App and Technology Add-on for NetFlow are designed to work together. To download Add-on please visit https://splunkbase.splunk.com/app/1838/
To download NFO please visit https://www.netflowlogic.com/downloads/
Contact firstname.lastname@example.org and request DDoS Detector Module for NFO.
This Module consists of six independent components, which we call experts, each specializing in its own domain of knowledge. All experts process all the flow records received by NetFlow Optimizer, apply their own analytics, and, if an attack is detected, send messages to the events correlator, indicating the type of detected attack, confidence level, and a trend of the event characteristics dynamics (increasing, steady, or abating). The event correlator combines the information received from the experts, assigns weight to each reported event, and makes a final determination on reporting and its confidence in event validity.
Install DDoS Detector Splunk App and Technology Add-on for NetFlow.
|Splunk Node||What to install|
|Search Head||Add-on and App|
|Heavy Forwarder||Add-on only|
Install NFO on a spate server or VM. You can also install Splunk HF or UF together with NFO.
Please follow the steps described on Setup page of the App.
Upload DDoS Detector Module into NFO and enable it.
Please contact email@example.com if you have questions or need assistance.
Updates for Splunk Certification
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.