Normanras

joined 1 year ago
[–] [email protected] 1 points 11 months ago

I’ve gone down this rabbit hole and have yet to find a solution I like. The only routes I haven’t gone down yet are the grey log or sec onion, as the learning curve is steep.

I do use crowdsec and that has been semi-helpful at showing me where a scanner is trying to poke around and on what service.

I currently use ntopng’s community version and that’s been acceptable for now. Some parts are a bit confusing and the documentation didn’t help me understand, but the tables are really well laid out and I can easily see the server/cliebt relationship with in and outbound traffic. I’ll try and share screenshots of how it looks for me to see if that helps you.