DDoS Detector App
Overview
The DDoS Detector for Splunk Enterprise App provides real-time alerting and visualization for DDoS events detected by NetFlow Optimizer's DDoS Detector Module and reported to Splunk.
Installation
The DDoS Detector for Splunk App works together with the Technology Add-on for NetFlow (TA-netflow). Both must be installed before Splunk can receive, parse, and display DDoS events generated by NetFlow Optimizer (NFO).
Dashboards
The App includes two operational dashboards and an Alerts page that together cover real-time monitoring, forensic investigation, and alert management. The main dashboards share a common set of filters (NFO hostnames, Device / Virtual Network, and Confidence level), along with the standard Splunk Time range picker. See Operations — Confidence Levels for guidance on choosing the right threshold for your environment.