Cybersecurity: Analyze Packetbeat flows · Issue #1066 · confluentinc/kafka-tutorials

Opened by @ybyzek (Contributor)

Description

Reference: https://maciejszymczyk.medium.com/ksqldb-real-time-sql-magic-in-the-cybersecurity-scenario-part-1-3232fa711442

Snippet:

-- Per-minute flow summary keyed by the 5-tuple (src ip/port, dst ip/port, transport).
-- KEY_FORMAT='JSON' is required: the GROUP BY yields a multi-column key, which the
-- default KAFKA key format cannot serialize.
CREATE TABLE packetbeat_flows_by_1m WITH (KEY_FORMAT='JSON') AS
    SELECT
        source->ip AS srcip,
        source->port AS srcport,
        destination->ip AS dstip,
        destination->port AS dstport,
        network->transport AS transport,
        SUM(source->packets) AS source_packets,
        SUM(source->bytes) AS source_bytes,
        SUM(destination->packets) AS destination_packets,
        SUM(destination->bytes) AS destination_bytes,
        SUM(network->packets) AS network_packets,
        SUM(network->bytes) AS network_bytes,
        COUNT(*) AS cnt
    FROM packetbeat_flows
    WINDOW TUMBLING (SIZE 1 MINUTE)
    GROUP BY source->ip, source->port, destination->ip, destination->port, network->transport
    EMIT CHANGES;
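The snippet above depends on a `packetbeat_flows` stream whose nested schema is not shown. The block below is an added example (not code from the issue, the linked article or the kafka-tutorials project) that declares that stream over the raw Packetbeat topic, then builds the detection most people want on top of flow data: per-source fan-out per minute as a port-scan / host-sweep indicator. Assumptions, all hypothetical: the Kafka topic is named `packetbeat`; the declared STRUCT fields are the subset of the ECS fields Packetbeat writes (`source.*`, `destination.*`, `network.*`, `flow.final`, `event.dataset`); the Kafka record timestamp (ROWTIME) reflects capture time, so no TIMESTAMP property is set; the thresholds (100 ports, 50 hosts) and the IP in the pull query are made up.

```sql
-- Source stream over the raw Packetbeat topic (topic name 'packetbeat' is an assumption).
-- Only the fields needed below are declared; ksqlDB ignores the rest of each JSON record.
-- Windows are driven by ROWTIME (the Kafka record timestamp); if your producer stamps
-- ingest time instead of capture time, add TIMESTAMP/TIMESTAMP_FORMAT pointing at
-- Packetbeat's @timestamp so the 1-minute buckets follow event time.
CREATE STREAM packetbeat_flows (
    event       STRUCT<dataset VARCHAR>,
    source      STRUCT<ip VARCHAR, port INTEGER, bytes BIGINT, packets BIGINT>,
    destination STRUCT<ip VARCHAR, port INTEGER, bytes BIGINT, packets BIGINT>,
    network     STRUCT<transport VARCHAR, bytes BIGINT, packets BIGINT>,
    flow        STRUCT<id VARCHAR, final BOOLEAN>
) WITH (
    KAFKA_TOPIC='packetbeat',
    VALUE_FORMAT='JSON'
);

-- Per-source fan-out per minute. Built from the raw stream, not from the 5-tuple table,
-- so COUNT_DISTINCT sees every flow rather than one row per (src,dst,port) group.
-- Single-column key, so the default KAFKA key format is fine here.
-- COUNT_DISTINCT is HyperLogLog-based in ksqlDB: counts are approximate, which is
-- acceptable for a threshold alert but not for an exact forensic tally.
CREATE TABLE packetbeat_src_fanout_by_1m AS
    SELECT
        source->ip                       AS srcip,
        COUNT_DISTINCT(destination->port) AS distinct_dst_ports,
        COUNT_DISTINCT(destination->ip)   AS distinct_dst_ips,
        SUM(source->bytes)               AS source_bytes,
        COUNT(*)                         AS flows
    FROM packetbeat_flows
    -- Restrict to flow events (the topic may also carry Packetbeat transaction events)
    -- and to TCP, where a high distinct-port count is the classic scan signature.
    WHERE event->dataset = 'flow' AND network->transport = 'tcp'
    WINDOW TUMBLING (SIZE 1 MINUTE)
    GROUP BY source->ip
    EMIT CHANGES;

-- Push query: stream every window in which a source touched many ports or many hosts.
-- Thresholds are placeholders; tune them against a baseline of your own network.
SELECT srcip,
       TIMESTAMPTOSTRING(WINDOWSTART, 'yyyy-MM-dd HH:mm:ss') AS window_start,
       distinct_dst_ports,
       distinct_dst_ips,
       flows
FROM packetbeat_src_fanout_by_1m
WHERE distinct_dst_ports >= 100 OR distinct_dst_ips >= 50
EMIT CHANGES;

-- Pull query for incident response: look up one suspect source (constructed IP) over a
-- time range. Windowed tables allow WINDOWSTART/WINDOWEND bounds alongside the key.
SELECT srcip, WINDOWSTART, WINDOWEND, distinct_dst_ports, distinct_dst_ips, flows
FROM packetbeat_src_fanout_by_1m
WHERE srcip = '10.0.0.5'
  AND WINDOWSTART >= '2022-02-04T00:00:00'
  AND WINDOWEND   <= '2022-02-04T01:00:00';
```

Two caveats before trusting the numbers. Packetbeat emits periodic reports for long-lived flows and marks the last one with `flow.final`; check in the Packetbeat documentation for your version whether the byte and packet counters in each report are per-report deltas or running totals for the flow, because only the former makes a plain `SUM` over a window equal to that window's traffic. And the per-source table keys on `source->ip` alone, so a NAT gateway or proxy will look like a scanner; exclude known aggregation points in the `WHERE` clause or raise their thresholds.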

Activity

Labels added: ksqlDB (ksqlDB related), use case (A tutorial with an extended business use case), on Feb 4, 2022
Title changed from "Analyze Packetbeat flows" to "Cybersecurity: Analyze Packetbeat flows" on Feb 4, 2022
Self-assigned on Mar 21, 2022
Metadata

Labels: ksqlDB (ksqlDB related), recipe, use case (A tutorial with an extended business use case)
Participants: @rspurgeon, @ybyzek