Improving early attack detection in networks with sFlow and SDN

Publication date: September 13, 2018

Authors: Leal, Alexander; Botero, Alexander; Jacob, Eduardo
Type: Journal article
Publication details
Journal: Applied Computer Sciences in Engineering. WEA 2018. Communications in Computer and Information Science
Series, book title, chapter, edition, volume, number, pages, ISBN/ISSN, city: not given
Reference: https://doi.org/10.1007/978-3-030-00353-1_29
Abstract

Network monitoring is a paramount aspect of detecting abnormal and malicious activity. However, monitoring must go hand in hand with mitigation techniques. In SDN environments, control techniques can be developed easily because the network is programmable. In this work, we take advantage of this fact to improve network security by using the sFlow monitoring tool together with the SDN controller. We present an architecture in which sFlow is in charge of detecting network anomalies defined by user rules, while the SDN technology is responsible for mitigating the intrusion. Our testbed has been implemented on Mininet, and the SDN environment is governed by the OpenDaylight controller and the OpenFlow southbound protocol. Experimental validation demonstrates that our system can effectively report various types of intrusion associated with the reconnaissance phase of an attack.