flow-pipeline VS ElastiFlow

Many Thanks to Cloudflare and dev.to for giving us this opportunity.

Unlike other providers in this list, Cloudflare is not just a serverless database platform. Instead, it’s a cloud connectivity platform that provides several web services. It’s one of the world's largest networks and serves 55 million HTTP requests per second.

Using a Content Delivery Networks (CDNs) such as Cloudflare, can help absorb large amounts of traffic and mitigate the impact of DoS attacks.

When a user requests a webpage, the CDN delivers the content from the nearest server to the user. As a result, the loading times are faster since the data has to travel a shorter distance. CDNs offer endless benefits like reduced bandwidth usage, scalability, increased reliability, and more. Some well-known CDNs include Cloudflare, Amazon CloudFront, Akamai, and Fastly. They offer several features that help reduce web page sizes and make websites run better.

Cloudflare

Cloudflare offers low/no markup domain name registration with a free DNS service. This will virtually always be your cheapest option for domain name renewals. They don't list prices for all TLDs upfront, so use this list to get your best estimate.

Our site used Cloudflare to handle all our DNS needs. Cloudfare has a number of rewrite options but as we needed to make a decision based on a) the URL path and b) rewriting to a specific domain, the only option (as a non enterprise customer) was to use Cloudflare workers (via worker routes).

Add Cloudflare Cahce & Protection

Cloudflare is a cloud-provider, most-known for their CDN, offering several services to build cloud applications. Among them, Cloudflare Workers is a serverless service that allows you to run serverless functions at edge (like Lambda@Edge if you are an AWS user). This means that your code runs closer to end-users, resulting in blazing fast response times.

As a matter of fact, I played with the now deprecated Elastiflow, however I couldn't get my head around managing ELK, scrapped it pretty quickly, and Netflow did not reach the meaningful stage at that time. OpenNMS looks pretty massive that I can't run it at the moment. Thanks for suggestion though.

One thing I ran for a while was security onion and utilized port mirroring to mirror the uplink port from my primary switch to my LAN on my router, so I was catching anything coming into/out of my network destined for internet. I've also used ElastiFlow ( https://github.com/robcowart/elastiflow ) which is absolutely phenomenal and awesome, I did the same and it provides some great data. You could also leverage IntelOwl ( https://github.com/intelowlproject/IntelOwl ) , one thing I have added to all my VMs is a OSSEC agent, Wazuh to be specific which is free ( https://github.com/wazuh/wazuh ) and while I am not using it to its full potential such as monitoring file deletions/modifications etc it is a powerful tool.

I'd recommend taking a look at Elastiflow (link is to the legacy version, I haven't used the pay structured tier version that replaced it) as a flow collector. Do it in a docker container, dump netflow to it, and use a sample rate that doesn't fill your collector box with flow packets after a single day. Depends on your traffic rates. We use 1 out of 250 for our rate.

https://github.com/robcowart/elastiflow/issues/201 https://github.com/robcowart/elastiflow/issues/52

Where as the newer version is (https://github.com/robcowart/elastiflow/) is called: