This Python code is useful for analyzing exported net flow data. It merges all .time files, resolves IPs, removes duplicates, and exports all data into a CSV file, which can then be analyzed in forensics.
- Description: Extracts net flow data from a specified file or directory.
- Features:
  - Load data from a single file or merge data from multiple files in a directory.
  - Optionally trim duplicate records.
  - Optionally resolve IP addresses using ipinfo.io.
  - Export the processed data into a CSV file.
- Description: Resolves IP addresses to additional information using ipinfo.io.
- Features:
  - Fetch hostname, city, country, and organization information for each IP address.
  - Integrate the resolved information into the net flow data.
  - Export the enriched data into a CSV file.
- Description: Merges multiple net flow data files into a single DataFrame.
- Features:
  - Load and merge data from multiple .time files in a specified directory.
  - Sort and concatenate the data into a single DataFrame.
  - Export the merged data into a CSV file.
- Extract Data: python extract.py
- Resolve IPs: python resolve.py
- Merge Data: python merge.py
The processed data is exported into a CSV file, which can be further analyzed for forensic purposes.
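An added example (not the project's own code) of the deduplicate, resolve and export steps described above: each distinct public IP is looked up once, and internal or malformed addresses are left unresolved so they are never sent to ipinfo.io. The column names `src_ip`, `dst_ip` and `bytes`, the sample records and all function names are assumptions, since the .time schema is not shown on this page.

```python
import csv
import io
import ipaddress
import json
import urllib.request

FIELDS = ("hostname", "city", "country", "org")
# Constructed sample records; column names are assumptions, not the tool's schema.
SAMPLE = [
    {"src_ip": "10.0.0.5", "dst_ip": "8.8.8.8", "bytes": "120"},
    {"src_ip": "10.0.0.5", "dst_ip": "8.8.8.8", "bytes": "120"},  # exact duplicate
    {"src_ip": "10.0.0.7", "dst_ip": "8.8.8.8", "bytes": "64"},
]

def fetch_ipinfo(ip):
    """Query ipinfo.io's JSON endpoint for one address (needs network access)."""
    with urllib.request.urlopen(f"https://ipinfo.io/{ip}/json", timeout=10) as resp:
        return json.load(resp)

def is_public(ip):
    """True only for globally routable addresses; malformed values are rejected."""
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:
        return False

def enrich(rows, ip_columns=("src_ip", "dst_ip"), fetch=fetch_ipinfo):
    """Drop exact duplicate records, then add ipinfo fields for each IP column."""
    # dict.fromkeys keeps first-seen order while discarding exact duplicates
    unique = [dict(t) for t in dict.fromkeys(tuple(r.items()) for r in rows)]
    cache = {}  # one lookup per distinct address, however many flows share it
    for row in unique:
        for col in ip_columns:
            ip = row.get(col, "")
            if is_public(ip) and ip not in cache:
                cache[ip] = fetch(ip)
            info = cache.get(ip, {})  # internal/invalid addresses stay blank
            for field in FIELDS:
                row[f"{col}_{field}"] = info.get(field, "")
    return unique

def to_csv(rows):
    """Serialise enriched records to CSV text."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(rows[0]), lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()
```

Passing a different `fetch` callable lets the enrichment run against a local cache or an offline dataset during an investigation where outbound lookups are not acceptable.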
- nfExtractor.py which will connect all the scripts