Technical Overview

Open Network Insight is a solution built to leverage strong technology in both “big data” and scientific computing disciplines. While the solution solves problems end-to-end, components may be leveraged individually or integrated into other solutions. All components can output data in CSV format, maximizing interoperability.

Parallel Ingest Framework. The system uses decoders optimized from open source, that decodes binary flow and packet data, then loading the data in HDFS and data structures inside Hadoop. The decoded data is stored in multiple formats so it is available for searching, used by machine learning, transfer to law enforcement, or inputs to other systems.

Machine Learning. The system uses a combination of Apache Spark and optimized C code to run scalable machine learning algorithms. The machine learning component works not only as a filter for separating bad traffic from benign, but also as a way to characterize the unique behavior of network traffic in an organization.

Operational Analytics. In addition to machine learning, a proven process of context enrichment, noise filtering, whitelisting, and heuristics are applied to network data to produce a short list of the most likely patterns, which may be security threats.

Home

Home
[Overview of Open Network Insight](Overview of Open Network Insight)
- [Technical Overview](Technical Overview)
[Planning Guide](Planning Guide)
- [Deployment Option 1: Pure Hadoop](Pure Hadoop)
- [Deployment Option 2: Hybrid Hadoop / Virtual](Hybrid Hadoop)
[Deployment Guide](Deployment Guide)
[Installation & Configuration Guides](Installation & Configuration Guides)
- Initial Configuration
  - [Configure User Accounts](Configure User Accounts)
  - [Edit Solution Configuration](Edit Solution Configuration).
  - [Setup HDFS](Setup HDFS)
- Ingest Component
  - Installation & Configuration Guide
- Machine Learning
  - [Install Prerequisites](Install ML Prerequisites).
  - [Installation & Configuration Guide](Install and Configure ML)
  - [Running ML](Running ML)
- Operational Analytics & User Interface
[User Guide](User Guide)
- Flows
  - [Suspicious Connects – Analyst View](Suspicious Connects)
  - [Threat Investigation – Analyst View](Threat Investigation)
  - Storyboard
  - [Ingest Summary – Analyst View](Ingest Summary)
- DNS
  - [Suspicious DNS – Analyst View](Suspicious DNS)
  - [Threat Investigation – Analyst View](DNS Threat Investigation)
  - [Storyboard](DNS Storyboard)
- Proxy
  - [Suspicious Proxy - Analyst View](Suspicious Proxy)
  - [Threat Investigation - Analyst View](Proxy Threat Investigation)
  - [Storyboard](Proxy Storyboard)
ONI Demo

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Technical Overview

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally