FlowSleuth
FlowSleuth is a web app (with an optional lightweight desktop collector) that turns raw network flow data into actionable incident signals for small-to-mid teams that can’t justify a full-blown network performance monitoring (NPM) suite. It ingests NetFlow/sFlow/IPFIX from routers, firewalls, and switches, then builds baselines per site, VLAN, ASN, and critical app.

The product focuses on “what changed” alerts: sudden east-west spikes, new top talkers, unexpected geo/ASN destinations, and bandwidth hogs that correlate with ticket storms. It includes fast pivots from an alert to the exact conversations (5-tuple), enrichment (ASN, GeoIP, known cloud providers), and a short incident timeline.

This is not a replacement for Wireshark or enterprise observability; it’s a pragmatic, opinionated traffic triage tool that helps you answer who is saturating links, what’s new, and where to look next, without hiring a dedicated network analyst.