DDoS Detector App
Overview
The DDoS Detector for Splunk Enterprise App provides real-time alerting and visualization for DDoS events detected by NetFlow Optimizer's DDoS Detector Module and reported to Splunk.
Installation
The DDoS Detector for Splunk App works together with the Technology Add-on for NetFlow (TA-netflow). Both must be installed before Splunk can receive, parse, and display DDoS events generated by NetFlow Optimizer (NFO).
Dashboards
The App includes two operational dashboards and an Alerts page that together cover real-time monitoring, forensic investigation, and alert management. The main dashboards share a common set of filters (NFO hostnames, Device / Virtual Network, and Confidence level), along with the standard Splunk Time range picker. See Operations — Confidence Levels for guidance on choosing the right threshold for your environment.