Introducing the New CFM Web Detector

A Production-Grade, ML-Ready Traffic Analytics & Abuse-Detection Engine for Nginx, Apache & LiteSpeed

CFM (Configurable Firewall Manager) started as a modern nftables-first firewall manager designed for high-security hosting and infrastructure operators. Over time, it evolved into a complete security platform: dynamic firewalling, live log-driven detection, autoblocking, system hardening, notifications, DNS/GeoIP enrichment, and API integration. Today, CFM …

Building a Hybrid Anomaly Detection Engine for Network Flows

Netflows and Machine Learning

1️⃣ Background

flowenricher already enriched NetFlow/IPFIX data with ASN, GeoIP, DNS, etc., and had an Isolation Forest (iForest)–based anomaly detector. We wanted to make the anomaly detection more stable, explainable, and sensitive to different attack patterns without constant retuning — so we added two complementary …

Adding Isolation Forest Anomaly Scoring to FlowEnricher: practical, fast NetFlow Machine Learning

Isolation Forest in flowenricher

Teaching FlowEnricher to Spot Weirdos: Isolation Forest Joins the Party

tl;dr: We added unsupervised anomaly detection to FlowEnricher using an Isolation Forest microservice. It scores per-IP behavior in real time and helps catch stealthy port scans and low-and-slow DoS bursts that signatures miss. Yep, Machine Learning in netflows.

Why Isolation Forest?

Rule engines are great …