Hi Steven. Thanks for sharing your cyber security expertise & knowledge with the community on your RU-vid channel. Best wishes & continue your inspiring cyber security training & work.
Network analysis relies on having pcap data available. You'd need to capture pcap data 24/7, right? What tool do you recommend to capture pcap data of that magnitude? If open source, would it be recommended to deploy it in a production environment?
Great insight and question! You're correct that network analysis relies on having pcap data, but you can actually get away with netflow/NGFW log data without having actual PCAPs, and that is how many organizations are set up. To capture pcaps at scale, you would use a network packet aggregator/indexer such as Gigamon or Arkime (open source route) with taps set up, but please note, Arkime will require a beefy machine to be used in a production environment.
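To make the PCAP-versus-flow trade-off in the reply above concrete, here is an added example in Python; it is not code from the video or from this comment thread, and it is not Arkime or Gigamon. It serialises a handful of constructed TCP packets (addresses, ports and payloads are made up for the illustration) into a real libpcap file layout, parses that file back, and then reduces the same packets to unidirectional flow records of the kind a NetFlow exporter produces. The point it demonstrates is what each data source keeps: flow records still answer "who talked to whom, on which ports, how much, when", while a question about payload content (here, which packets carried a given string) can only be answered from the full capture.

```python
"""Constructed demo: the same packets as a full PCAP and as netflow-style flow records."""
import socket
import struct
from collections import defaultdict

# Constructed sample traffic (not a real capture): (ts, src, sport, dst, dport, payload).
# All packets are TCP; the payload bytes just need to look like application data.
SAMPLE_PACKETS = [
    (1.0, "10.0.0.5", 51000, "93.184.216.34", 80, b"GET /login HTTP/1.1\r\n"),
    (1.1, "93.184.216.34", 80, "10.0.0.5", 51000, b"HTTP/1.1 200 OK\r\n"),
    (2.0, "10.0.0.5", 51001, "93.184.216.34", 443, b"\x16\x03\x01" + b"\x00" * 40),
    (2.5, "10.0.0.7", 4444, "198.51.100.9", 4444, b"whoami\n"),
    (3.0, "10.0.0.5", 51000, "93.184.216.34", 80, b"GET /admin HTTP/1.1\r\n"),
]

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap magic: little-endian, microsecond timestamps
LINKTYPE_ETHERNET = 1


def build_frame(src, sport, dst, dport, payload):
    """Ethernet/IPv4/TCP frame with zeroed MACs and checksums (enough for a parser demo)."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def write_pcap(packets):
    """Serialise the sample packets as pcap file bytes: global header + one record per packet."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, src, sport, dst, dport, payload in packets:
        frame = build_frame(src, sport, dst, dport, payload)
        sec = int(ts)
        usec = round((ts - sec) * 1_000_000)
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Walk the pcap records and extract the IPv4/TCP 5-tuple, wire length and payload."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic %#x" % magic)
    packets, off = [], 24
    while off + 16 <= len(data):
        sec, usec, caplen, wirelen = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + caplen]
        off += caplen
        if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
            continue  # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 6:
            continue  # not TCP
        l4 = 14 + ihl
        sport, dport = struct.unpack_from("!HH", frame, l4)
        doff = (frame[l4 + 12] >> 4) * 4
        packets.append({
            "ts": sec + usec / 1_000_000,
            "src": socket.inet_ntoa(frame[26:30]), "sport": sport,
            "dst": socket.inet_ntoa(frame[30:34]), "dport": dport,
            "bytes": wirelen, "payload": frame[l4 + doff:],
        })
    return packets


def build_flows(packets):
    """Unidirectional flow records keyed by (src, sport, dst, dport), as NetFlow v5 exports them."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None, "last": None})
    for p in packets:
        f = flows[(p["src"], p["sport"], p["dst"], p["dport"])]
        f["packets"] += 1
        f["bytes"] += p["bytes"]
        f["first"] = p["ts"] if f["first"] is None else min(f["first"], p["ts"])
        f["last"] = p["ts"] if f["last"] is None else max(f["last"], p["ts"])
    return dict(flows)


def flow_records(flows):
    """Render the flow records as text: this is everything a flow collector retains."""
    return ["%s:%d -> %s:%d tcp pkts=%d bytes=%d first=%.3f last=%.3f"
            % (k[0], k[1], k[2], k[3], f["packets"], f["bytes"], f["first"], f["last"])
            for k, f in sorted(flows.items())]


def search_payload(packets, needle):
    """A question only full packet capture can answer: which packets carried this content?"""
    return [(p["ts"], p["src"], p["dst"]) for p in packets if needle in p["payload"]]


if __name__ == "__main__":
    pcap = write_pcap(SAMPLE_PACKETS)
    pkts = parse_pcap(pcap)
    print("pcap: %d bytes on disk for %d packets" % (len(pcap), len(pkts)))
    for line in flow_records(build_flows(pkts)):
        print("flow:", line)
    print("payload hits for b'/admin' in pcap:", search_payload(pkts, b"/admin"))
```

The flow records come out a few dozen bytes each while the pcap keeps every byte on the wire, which is the storage and hardware difference behind the "beefy machine" caveat for a full-capture indexer. The pcap writer and parser here are a minimal stand-in (no checksums, IPv4/TCP only) so the example runs offline; they are not a replacement for a capture tool.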