nfdump is a toolset for collecting and processing netflow/ipfix and sflow data, sent from netflow/sflow compatible devices. It contains several collectors to collect flow data and can process and list flows in many different output formats, creating a wide range of statistics. It also has a powerful flow filter and can aggregate flows according to a user-defined number of elements. nfdump can enrich the listing of flows with geo location information and AS information, and can read and write flow files in various formats. It is compatible with nfdump-1.6.18 and can read files created with earlier versions. nfdump is now a multi-threaded program and uses parallel threads for reading, writing, and processing flows, as well as for sorting. It supports flexible length fields for netflow v9 and IPFIX, and has improved packet processing with nfpcapd. nfdump has new programs such as geolookup, which allows enriching IP addresses with country codes/locations and adding potential missing AS information. It also supports NSEL/ASA and NEL/NAT event logging.
FEATURES
ALTERNATIVES
Windows Event Log Analyzer with logon timeline generator and noise reduction for fast forensics.
A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.
SysmonSearch makes event log analysis more effective by aggregating Microsoft Sysmon logs and providing detailed analysis through Elasticsearch and Kibana.
PINNED

InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Kriptos
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.

System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.

Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.

Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.

Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.

Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.