NetflowWatcher#
Status: Planning
NetflowWatcher is a self-hosted, local-first network flow anomaly detector. It parses normalized flow data, scores anomalies with online ML, and incorporates human feedback via a Web UI—optionally summarizing flows with a local LLM.
Capabilities#
- Ingest SiLK/nfdump-style flows and normalize
- Online anomaly scoring blended with supervised feedback
- Review/label/export flows in a web UI; Docker Compose deployment
- Optional local LLM summarization; no cloud dependency
- Offline-first, no telemetry
Usage#
netflowwatcher ingest flows.jsonl --score --export out.json
Download & Verify
Download the latest release and verify its integrity:
For detailed verification steps, see our Shipping & Verification page.