NetflowWatcher

Local-first network flow anomaly detection with feedback

NetflowWatcher is a self-hosted, local-first network flow anomaly detector. It parses normalized flow data, scores anomalies with online ML, and incorporates human feedback via a Web UI—optionally summarizing flows with a local LLM.

Capabilities

  • Ingest SiLK/nfdump-style flows and normalize
  • Online anomaly scoring blended with supervised feedback
  • Review/label/export flows in a web UI; Docker Compose deployment
  • Optional local LLM summarization; no cloud dependency
  • Offline-first, no telemetry

Usage

netflowwatcher ingest flows.jsonl --score --export out.json

Ready to Get Started?

Download NetflowWatcher and start using it in your environment.