Graphs help to spot anomalies and patterns in large datasets.
This script takes netstat information from multiple hosts and formats them in a way to make them importable into Neo4j.
Neo4j can be queried for find connections to certain hosts, from certain hosts, find out the usage or protocols and much more.
There are already some files in the example directory for you to be able to test the tool.
you can also find example queries which will help you to have a basic idea of the possibilities of the search
Currently the tool is tested with the netstat output of Windows systems using the command 'netstat -an'
Install docker and docker-compose
git clone https://github.com/trinitor/netstat2neo4j.git /opt/netstat2neo4j/
cd /opt/netstat2neo4j/docker docker-compose up -d
Upload Netstat Files
copy all netstat out files (*.txt files) into /opt/netstat2neo4j/script/import/
Create Cypher Statements for Neo4j
cd /opt/netstat2neo4j/script/ bash csv2neo4j.sh
the needed cypher statements can be found in create_database.txt
MATCH (src)-[:DEPENDS_ON]->(dst) WHERE src.ip STARTS WITH '192_168_' RETURN src, dst
There is a query.txt in the example folder as well.
Q: This is redundant. Don't you know there are other projects?
A: I do. This is not new or special. There are free projects, tutorials and commercial products based on agents to draw maps and even enforce rules.