DoveHawk Flow is a Zeek module that collects anonymized outgoing network flow counts to external IPs, enabling privacy-preserving network monitoring and intrusion detection.
DoveHawk.io Anonymized Outgoing Partial Netflow
This tool is designed for network security professionals and analysts who want to monitor outgoing network flows without exposing local source IPs or hostnames, facilitating secure external sharing of network activity data. It is ideal for deployments in Zeek clusters or standalone instances to aggregate and anonymize flow data for intrusion detection and security automation.
It requires Zeek version > 3.0, and the curl command-line tool must be installed for full functionality. The tool focuses on anonymizing outgoing flow data to protect local network privacy, making it suitable for environments where data sharing must comply with privacy constraints. Integration with the dovehawk_lambda repository enables serverless storage of flow reports in AWS Aurora databases.
Ensure Zeek version is greater than 3.0
Install the curl command-line tool for ActiveHTTP functionality
Deploy the DoveHawk Flow Zeek module within your Zeek cluster or standalone instance
Optionally, set up the dovehawk_lambda AWS Lambda function for report storage in RDS Aurora
curl <url>
curl is used by ActiveHTTP within the module to perform HTTP requests