Key Features
    Monitoring of AWS via VPC Flow Logs
      Ability to read VPC Flow Logs from Kinesis or CloudWatch or S3
      Support for many AWS accounts, VPCs, and AWS regions with one NFO EC2 instance
      Enrichment of flow records with VPC name, EC2 instance name, DNS name, and AWS region
    Monitoring of Microsoft Azure NSG Flow Logs
      Ability to read Azure NSG Flow Logs
      Support for many Azure storage accounts, accessing NSG Flow Logs via Service Principal or System-assigned Managed Identity
      Enrichment of flow records with Virtual Network name, VM name, DNS name, and Azure region
    Monitoring of Google Cloud Platform (GCP) VPC Flow Logs
      Ability to read GCP VPC Flow Logs
      Support for many GCP Service accounts and projects
      Enrichment of flow records with VPC Network name, Subnetwork name, Instance name, DNS name, and GCP zone
    Monitoring of network device health
      Identification of overload conditions
      With our SNMP polling
        CPU utilization
        Memory utilization
        Tracking of interface errors
        Dropped packets counter
        Flapping interface identification
      Latency / Jitter
    Application visibility via flow data from
      AWS VPC Flow logs
      Palo Alto Network devices
      Cisco ASA
      Cisco devices generating AVC
      Any exporter based on known destination ports
      Identifies security threats and traces current known threat sources
      Enriches flow data with current Reputation and GEO IP information
      Drill in to see which hosts are affected
      Enables you to look back in time for forensic investigation by setting a NetFlow Recorder rolling period of time
    Virtual network / physical network visibility for customers of both Splunk and VMware
      Pinpoints physical devices and interfaces impacting VM performance, on a Splunk dashboard
      Reconstructs the paths of VM-to-VM and VM-to-host conversations over the underlying physical network
    Unmatched performance utilizing patented technology
      Capable of processing 1,000,000 flows per second without a single drop
      Can process up to 350,000 flows per second with consolidation
    Real-time consolidation of flow data enables customers to store and index only a fraction of the volume while still gaining all the benefits of flow information without losing accuracy
    Capable of processing any standard flow protocol: NetFlow v5/v9, Flexible NetFlow, NetFlow Options, IPFIX, sFlow (both data records and counter records), J-Flow, NetStream
    Enriches flow data with real-time DNS, SNMP information, VMware vCenter, current Reputation, and GeoIP information
    Flexible and extensible SNMP Traps support and SNMP Polling capabilities
    Deduplication: optionally report flows only from the authoritative router/switch. The authoritative network device is the one that sees the most flows for each communicating pair. This is recalculated every 30 seconds (the default, which can be changed), providing accurate information in a dynamic network environment
    Modular approach enables customers to enable and configure features to address their specific use cases
    Each Module has its own converter, allowing the output format to be set independently of Module logic (default is Splunk CIM compliant syslog)
    NFO is a software solution. Same code base for Windows and Linux, as well as virtual appliance
    Built-in Services:
      NetFlow Capture and Replay – enables you to look back in time. You can set a rolling *flow capture and replay period, store *flows in memory or on disk, then press the <Replay> button to send these records in syslog or JSON format to your SIEM to gain complete visibility of past network traffic
      DNS – add FQDN names to IP addresses
      SNMP Polling
      SNMP Traps support
      Original Flow Data conversion – enables one-to-one *flow to syslog or JSON translation. Allows the naming of IPFIX Enterprise private information elements
    Supports up to 16 output destinations, which could be configured to send out various types of data (e.g. retransmit flows to a legacy flow collector, while producing analytics to be sent to Splunk)
    NFO can be configured via our GUI or REST API. Useful to customers with a large number of locations
    Integration with Active Directory. Supports Two Factor Authentication
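
The deduplication rule in the feature list above (report each communicating pair only from the exporter that saw the most of its flows, re-elected every 30 seconds) can be sketched as follows. This is an added example, not NetFlow Optimizer code; the record fields, the direction-independent pair key, the tie-break, and the batch windowing are assumptions.

```python
from collections import Counter, defaultdict

WINDOW_SECONDS = 30  # the page's default recalculation interval

def _flow(ts, exporter, src, dst):
    return {"ts": ts, "exporter": exporter, "src": src, "dst": dst}

# Constructed sample: two routers report the same conversation; the path shifts at t=30.
SAMPLE_FLOWS = [
    _flow(1, "rtr-a", "10.0.0.5", "10.0.1.9"), _flow(2, "rtr-b", "10.0.0.5", "10.0.1.9"),
    _flow(5, "rtr-a", "10.0.1.9", "10.0.0.5"), _flow(6, "rtr-b", "10.0.1.9", "10.0.0.5"),
    _flow(9, "rtr-a", "10.0.0.5", "10.0.1.9"), _flow(12, "rtr-b", "10.0.0.7", "10.0.2.2"),
    _flow(31, "rtr-b", "10.0.0.5", "10.0.1.9"), _flow(32, "rtr-a", "10.0.0.5", "10.0.1.9"),
    _flow(40, "rtr-b", "10.0.1.9", "10.0.0.5"), _flow(45, "rtr-b", "10.0.0.5", "10.0.1.9"),
]

def pair_key(src, dst):
    """Treat A->B and B->A as one communicating pair (assumption)."""
    return tuple(sorted((src, dst)))

def elect_authoritative(flows):
    """Map each pair to the exporter that reported the most flows for it."""
    counts = defaultdict(Counter)
    for f in flows:
        counts[pair_key(f["src"], f["dst"])][f["exporter"]] += 1
    # Ties go to the lexically smallest exporter name so results are stable (assumption).
    return {pair: min(c, key=lambda e: (-c[e], e)) for pair, c in counts.items()}

def deduplicate(flows, window=WINDOW_SECONDS):
    """Keep, per window, only the flows reported by that window's elected exporter."""
    buckets = defaultdict(list)
    for f in flows:
        buckets[int(f["ts"] // window)].append(f)
    kept = []
    for w in sorted(buckets):
        authoritative = elect_authoritative(buckets[w])  # re-elected every window
        kept.extend(f for f in buckets[w]
                    if authoritative[pair_key(f["src"], f["dst"])] == f["exporter"])
    return kept

if __name__ == "__main__":
    for f in deduplicate(SAMPLE_FLOWS):
        print(f["ts"], f["exporter"], f["src"], "->", f["dst"])
```

In the sample, rtr-a is authoritative for the first window and rtr-b takes over in the second, so a path change does not leave the pair double-counted or unreported.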

Compatibility with other systems

As NetFlow Optimizer outputs flow data in standard syslog or JSON format, it is easily consumed by any syslog analyzer or SIEM system. In the sections below you will find details about various components available from NetFlow Logic for integration with Splunk, Exabeam, Elastic, and VMware vRealize Log Insight.