Solutions at a Glance
The table below shows which Modules need to be enabled to turn on NetFlow Optimizer-specific solutions.

Amazon AWS VPC Flow Logs Module Set

Module Name (nfc_id)
Description
This Module reports EC2 instances and hosts with the most traffic. It enriches IP addresses with EC2 names, VPC names, and AWS regions.
This Module reports Amazon VPC Flow Logs ingested from CloudWatch (using Kinesis or CWL API) or S3, translating them one-to-one.

Microsoft Azure NSG Flow Logs

Module Name (nfc_id)
Description
This Module reports Azure Cloud VMs and hosts with the most traffic. It enriches IP addresses with VM names, Virtual Network names, and regions.
This Module reports Azure NSG Flow Logs ingested from Microsoft Azure Cloud, translating them one-to-one.

Google Cloud VPC Flow Logs Module Set

Module Name (nfc_id)
Description
This Module reports Google Cloud VMs and hosts with the most traffic. It enriches IP addresses with VM names, VPC names, and regions.
This Module reports GCP VPC Flow Logs ingested from Google Cloud, translating them one-to-one.

Network Conversations Monitor

Module Name (nfc_id)
Description
This Module reports consolidated network conversations. Optionally it stitches client-server request-response flows, reporting bytes and packets server-to-client and client-to-server in separate fields. It also calculates and reports conversation duration, direction (inbound / outbound), state (Begun, Continues, Ended), action (Accepted / Rejected), etc.

Network Traffic and Devices Monitor Module Set

Module Name (nfc_id)
Description
Reports top bandwidth consumers for each monitored subnet.
This Module reports TCP Health by detecting top hosts with the most TCP Resets.
This Module identifies hosts with the most connections.
This Module reports top Host Pairs network conversations.
This Module reports traffic for all DSCP bit combinations (QoS).
This Module reports traffic by all Autonomous Systems (AS).
This Module identifies hosts with the most traffic.
This Module identifies hosts with the most packets.

Enhanced Traffic Monitor

Module Name (nfc_id)
Description
This Module identifies hosts with the most traffic and reports Reputation and Geo locations of source and destination hosts at Country level.

Enhanced Traffic Monitor 2

Module Name (nfc_id)
Description
This Module identifies hosts with the most traffic and reports Reputation and Geo locations of source and destination hosts at City level. It also reports TCP session duration.

Security Module Set

Module Name (nfc_id)
Description
This Module identifies hosts with the most traffic, and reports them with their geographical locations.
This Module monitors traffic originating from or directed to known Command and Control (C&C) hosts. The list is published by Emerging Threats (http://www.emergingthreats.net/).
This Module enables you to set up your own threat lists, public or private, and report traffic originating from or directed to the malicious hosts in these threat lists.
This Module uses a host reputation database from AlienVault (https://cybersecurity.att.com/) to report communications with malicious peers.
This Module monitors traffic originating from known threat lists (published by DShield.org) specified as IP blocks, lists of domains, or IP addresses.

Email Module Set

Module Name (nfc_id)
Description
This Module detects internal hosts infected with spam malware.
This Module detects external hosts sending excessive email traffic to your organization.
This Module detects internal hosts running unauthorized mail servers.
This Module detects external hosts sending emails rejected by internal mail servers.

Services Monitor Module Set

Module Name (nfc_id)
Description
This Module monitors DNS servers and reports DNS server statistics based on DNS traffic.
This Module monitors DNS users and reports DNS usage statistics based on DNS traffic.
This Module monitors traffic to selected services and matches communications to a list of authorized peers.
This Module monitors services performance characteristics.

Cisco AnyConnect Traffic Monitor

Module Name (nfc_id)
Description
This Module reports Cisco AnyConnect NVM Flow Logs with logged user information.

Cisco AVC Module Set

Module Name (nfc_id)
Description
This Module provides a list of most active applications by traffic.
This Module provides a list of most active applications and users by traffic, including source and destination IP addresses.

Cisco ASA Module Set

Module Name (nfc_id)
Description
This Module provides a list of top network bandwidth consumers operating on the internal network.
This Module provides a list of most popular destinations measured by the traffic.
This Module provides a list of firewall policy violators.
This Module provides the top N consumers (users) by the number of connections.

Palo Alto Networks Module Set

Module Name (nfc_id)
Description
This Module provides a list of top network bandwidth consumers operating on the internal network.
This Module provides a list of top network bandwidth destinations.
This Module provides a list of top firewall policy violators.
This Module provides a list of most active hosts by the number of initiated connections.
This Module provides a list of most active applications by traffic.
This Module provides a list of most active applications and users by traffic, including source and destination IP addresses.
This Module reports hosts for top Applications by bandwidth.
This Module reports top Host Pairs network conversations for top Applications by bandwidth.

VMware Module Set

Module Name (nfc_id)
Description
This Module reports top network conversations in a VM environment.
This Module identifies VMs with the most traffic.

Micro-segmentation Analytics

Module Name (nfc_id)
Description
This Module is used for analyzing “east-west” and “north-south” traffic and provides information for micro-segmentation planning.

NSX Distributed Firewall Monitoring Module Set

Module Name (nfc_id)
Description
This Module provides a list of top network bandwidth consumers operating on the internal network.
This Module provides a list of most popular destinations measured by the traffic.
This Module provides a list of firewall policy violators.
This Module provides the top N consumers (users) by the number of connections.

Utilities Module Set

Module Name (nfc_id)
Description
This Module reports NetFlow sampling information.
This Module reports SNMP information.
This Module enables you to build OID sets for SNMP polling and reporting, using the built-in SNMP polling service (supports SNMP v2c and v3).
This Module enables you to report SNMP traps using the built-in SNMP service (supports SNMP v2c and v3).