Graphs help to spot anomalies and patterns in large datasets.
This script takes netstat information from multiple hosts and formats them in a way to make them importable into Neo4j.
Neo4j can be queried for find connections to certain hosts, from certain hosts, find out the usage or protocols and much more.
There are already some files in the example directory for you to be able to test the tool.
you can also find example queries which will help you to have a basic idea of the possibilities of the search
Currently the tool is tested with the netstat output of Windows systems using the command 'netstat -an'
Install docker and docker-compose
git clone https://github.com/trinitor/netstat2neo4j.git /opt/netstat2neo4j/
docker-compose up -d
Upload Netstat Files
copy all netstat out files (*.txt files) into /opt/netstat2neo4j/script/import/
Create Cypher Statements for Neo4j
cd /opt/netstat2neo4j/script/the needed cypher statements can be found in create_database.txt
browse to https://localhost:7473
Copy content from create_database.txt
Paste into the command bar of the neo4j interface
MATCH (src)-[:DEPENDS_ON]->(dst)There is a query.txt in the example folder as well.
WHERE src.ip STARTS WITH '192_168_'
RETURN src, dst
Q: This is redundant. Don't you know there are other projects?
A: I do. This is not new or special. There are free projects, tutorials and commercial products based on agents to draw maps and even enforce rules.
Q: Creating netstats on all machines is hard. Do you have a solution?
A: While you can collect the information with WMI/PowerShell remoting I do not recommend to have an account that has full admin rights on all your systems.
Use your configuraiton managment to schedule the netstat creation or use schedulded tasks. This is out of scope for this small little project.
If you want to use an accout with all the keys to the kindom:
Q: You must be wrong. Neo4j must be able to read CSV files directly. Why are you creating the statements by yourselve?
A: You are right. It is possible to import CSV files directly.