Skip to main content
Version: 2.12.0

Integrations & Apps

NetFlow Optimizer (NFO) is the intelligent bridge between your raw network infrastructure and your security and operations platforms. It normalizes, enriches, and reduces massive volumes of network telemetry in real time — so your SIEM, SOAR, and observability tools receive high-fidelity, actionable data without the noise of raw flow logs.

Key integration benefits:

  • Universal normalization: Converts NetFlow, IPFIX, sFlow, and cloud flow logs into CIM-compliant (Splunk) or ECS-compatible formats — one set of dashboards regardless of hardware vendor.
  • Cost reduction: Deduplication and intelligent aggregation reduce data volume by up to 80% before it reaches your platform, directly lowering ingestion and storage costs.
  • Real-time enrichment: Every record arrives pre-enriched with GeoIP location, threat intelligence reputation scores, and user identity context.

Integration Architecture

NFO fits seamlessly into your existing data pipeline:

  1. Ingest: NFO receives raw telemetry from routers, switches, firewalls, and cloud VPCs.
  2. Process: The NFO engine performs enrichment, correlation, and volume reduction.
  3. Output: NFO pushes formatted JSON, Syslog, or HEC data to your chosen platform.
  4. Visualize: Pre-built NFO Apps and Content Packs provide instant visibility through expert-designed dashboards.

Supported Platforms

Select your platform to access deployment guides, dashboard walkthroughs, and technical specifications.

SIEM & Security Analytics

📄️ Splunk

App & Technology Add-on. Security analytics, ITSI integration, and network monitoring dashboards. The most comprehensive NFO integration available.

📄️ Microsoft Sentinel

Data Connector & Workbooks. Cloud security operations and log cost management for Azure-native environments.

📄️ CrowdStrike Falcon LogScale

Correlate endpoint EDR telemetry with network flow visibility for unified threat detection.

📄️ Exabeam

Feed enriched network flows into Exabeam for UEBA and insider threat detection workflows.

📄️ SentinelOne

DataSet / Scalyr integration for high-performance observability and network context in distributed environments.

📄️ Sumo Logic

Stream enriched flow data to Sumo Logic for cloud-native security analytics and compliance reporting.

Observability & IT Operations

📄️ Axoflow

Use Axoflow as an intelligent routing layer between NFO and multiple downstream destinations.

📄️ Datadog

Send enriched network metrics and flow summaries to Datadog for infrastructure monitoring and APM correlation.

📄️ New Relic

Deliver network flow telemetry to New Relic for full-stack observability alongside application performance data.

📄️ VMware Aria Operations for Logs

Forward enriched flow and SNMP data into VMware Aria for unified infrastructure log management.

📄️ Elastic

ECS-compatible output for Elastic SIEM and observability stacks. Full support for Kibana dashboards and detection rules.