NetFlow Optimizer (NFO) is a software-only processing engine for network flow data: NetFlow, IPFIX, sFlow, J-Flow, etc. NFO is not a NetFlow collector. It uses patented streaming technology that accepts network flow data from network devices (routers, switches, firewalls), applies map-reduce algorithms to the data to extract the information needed to address desired use cases, converts the processed data to syslog (or other formats such as JSON), then sends that useful information to your visualization platform or SIEM.
External Data Feeder for NFO (EDFN) is a remote component which serves as a knowledge base of information outside of the NetFlow domain. Its task is to provide NetFlow Optimizer with information generally unavailable in the data streams supplied by NetFlow/IPFIX exporters. It enables automatic updates of security threat lists, Geo IP information, and VM names for VMWare vCenter integration.
EDFN is comprised of a Platform and a collection of Agents each of which is designed to obtain information of a certain kind. The Platform provides a common interface for the Agents’ configuration and data exchange and serves as a conduit for delivering information collected by the Agents to the NetFlow Optimizer.
EDFN is packaged with NFO, and If NFO is installed on a server with access to the internet, EDFN is installed with it automatically. However, if NFO is installed on a server without internet access, a separate EDFN installation on a server with internet access is required, in which case it must be downloaded separately from NetFlow Logic’s web site – www.netflowlogic.com/download/).
NFO SNMP Support allows you to configure periodic SNMP Polling of hundreds of devices as well as receive SNMP Traps (you can upload your own MIBs if they are not included with the product). All received SNMP messages are converted into syslog or JSON format and sent to your visualization platform or IT Ops monitoring system.