The table below shows which Modules need to be enabled to turn on NetFlow Optimizer specific solutions.
Module Name (nfc_id) | Description |
This Module reports EC2 instances and hosts with the most traffic. It enriches IP addresses with EC2 names, VPC names, and AWS regions. | |
This Module reports Amazon VPC Flow Logs ingested from CloudWatch (using Kinesis or CWL API) or S3 translating them one-to-one. |
Module Name (nfc_id) | Description |
This Module reports Azure Cloud VM and hosts with the most traffic. It enriches IP addresses with VM names, Virtual Network names, and regions. | |
This Module reports Azure NSG Flow Logs ingested from Microsoft Azure Cloud translating them one-to-one. |
Module Name (nfc_id) | Description |
This Module reports Google Cloud VM and hosts with the most traffic. It enriches IP addresses with VM names, VPC names, and regions. | |
This Module reports GCP VPC Flow Logs ingested from Google Cloud translating them one-to-one. |
Module Name (nfc_id) | Description |
This Module reports consolidated network conversations. Optionally it stitches client-server request-response flows, reporting bytes and packets server-to-client and client-to-server in separate fields. It also calculates and reports conversation duration, e.g. TCP session duration. |
Module Name (nfc_id) | Description |
Reports top bandwidth consumers for each monitored subnet. | |
This Module reports TCP Health by detecting top hosts with the most TCP Resets. | |
This Module identifies hosts with the most connections. | |
This Module reports top Host Pairs network conversations. | |
This Module reports traffic for all DSCP bits combinations (QoS). | |
This Module reports traffic by all Autonomous Systems (AS). | |
This Module identifies hosts with the most traffic. | |
This Module identifies hosts with the most packets. |
Module Name (nfc_id) | Description |
This Module identifies hosts with the most traffic and reports Reputation and Geo locations of source and destination hosts at Country level. |
Module Name (nfc_id) | Description |
This Module identifies hosts with the most traffic and reports Reputation and Geo locations of source and destination hosts at City level. It also reports TCP session duration. |
Module Name (nfc_id) | Description |
This Module identifies hosts with most traffic, and reports them with their geographical locations. | |
This Module monitors traffic originated from known Command and Control hosts (C&C) or directed to these hosts. The list is published by Emerging Threats (http://www.emergingthreats.net/). | |
This Module enables you to setup your own threat lists, public or private, and report traffic originated from or directed to the malicious hosts in these threat lists. | |
This Module uses a host reputation database from Alienvault (https://cybersecurity.att.com/) to report communications with malicious peers. | |
This Module monitors traffic originated from known threat lists (published by Dshield.org) specified as IP blocks, list of domains, or IP addresses. |
Module Name (nfc_id) | Description |
This Module detects internal hosts infected with spam malware. | |
This Module detects external hosts sending excessive email traffic to your organization. | |
This Module detects internal hosts running unauthorized mail servers. | |
This Module detects external hosts sending emails rejected by internal mail servers. |
Module Name (nfc_id) | Description |
This Module monitors DNS servers and DNS traffic. | |
This Module monitors traffic to selected services and matches communications to a list of authorized peers. | |
This Module monitors services performance characteristics. |
Module Name (nfc_id) | Description |
This Module reports Cisco AnyConnect NVM Flow Logs with logged user information. |
Module Name (nfc_id) | Description |
This Module provides a list of most active applications by traffic. | |
This Module provides a list of most active applications and users by traffic, including source and destination IP addresses. |
Module Name (nfc_id) | Description |
This Module provides a list of top network bandwidth consumers operating on the internal network. | |
This Module provides a list of most popular destinations measured by the traffic. | |
This Module provides a list of firewall policies violators. | |
This Module provides top N (by the number of connections) consumers (users). |
Module Name (nfc_id) | Description |
Top Bandwidth Consumers for Palo Alto Networks Firewall (20030) | This Module provides a list of top network bandwidth consumers operating on the internal network. |
Top Traffic Destinations for Palo Alto Networks Firewall (20031) | This Module provides a list of top network bandwidth destinations. |
Hosts with Most Policy Violations for Palo Alto Networks Firewall (20032) | This Module provides a list of top firewall policies violators. |
This Module provides a list of most active hosts by the number of initiated connections. | |
Bandwidth Consumption per Application for Palo Alto Networks Firewall (20034) | This Module provides a list of most active applications by traffic. |
Bandwidth Consumption per Application/User for Palo Alto Networks (20035) | This Module provides a list of most active applications and users by traffic, including source and destination IP addresses. |
This Module reports hosts for top Applications by bandwidth. | |
This Module reports top Host Pairs network conversations for top Applications by bandwidth. |
Module Name (nfc_id) | Description |
This Module reports top network conversations in VM environment. | |
This Module identifies VMs with the most traffic. |
Module Name (nfc_id) | Description |
This Module is used for analyzing “east-west” and “north-south” traffic and provides information for micro-segmentation planning. |
Module Name (nfc_id) | Description |
Top Bandwidth Consumers for NSX Distributed Firewall (20118) | This Module provides a list of top network bandwidth consumers operating on the internal network. |
Top Traffic Destinations for NSX Distributed Firewall (20119) | This Module provides a list of most popular destinations measured by the traffic. |
This Module provides a list of firewall policies violators. | |
Top Hosts with most Connections for NSX Distributed Firewall (20121) | This Module provides top N (by the number of connections) consumers (users). |
Module Name (nfc_id) | Description |
This Module reports NetFlow sampling information. | |
This Module reports SNMP information. | |
This Module enables you to build OID sets for SNMP polling and reporting, using built-in SNMP polling service (supports SNMP v2c and v3). | |
This Module enables you to report SNMP traps using built-in SNMP service (supports SNMP v2c and v3). |