Integrations & Apps

NetFlow Optimizer (NFO) is designed to be the "intelligent bridge" between your raw network infrastructure and your security and operations platforms. By normalizing, enriching, and reducing massive volumes of network telemetry in real time, NFO ensures that your SIEM, SOAR, and Observability tools receive high-fidelity, actionable data without the "noise" of raw flow logs.

The NFO Integration Advantage

Integrating NFO with your existing ecosystem provides three core benefits:

1. Universal Data Normalization

NFO converts disparate telemetry (NetFlow v5/v9, IPFIX, sFlow, Cisco ASA/NVZ, AWS/Azure/GCP Flow Logs) into standardized, CIM-compliant (Splunk) or ECS-compatible formats. This allows you to use a single set of dashboards and alerts regardless of your hardware vendor.

2. Significant Cost Reduction

Raw flow logs can be prohibitively expensive to ingest into cloud-based SIEMs like Microsoft Sentinel or Splunk Cloud. NFO performs Deduplication and Intelligent Aggregation at the edge, reducing data volume by up to 80% while retaining 100% of the analytical value.

3. Real-Time Enrichment

Before data reaches your app, NFO enriches it with:

  • Geo-IP Location: City, Country, and Latitude/Longitude.
  • Threat Intelligence: High-risk IP reputation scores.
  • Identity Context: Mapping IP addresses to active users and hostnames.

Integration Architecture

NFO fits seamlessly into your existing data pipeline. Whether you are pushing data to a local indexer or a cloud-based API, the flow remains consistent:

  1. Ingest: NFO receives raw telemetry from routers, switches, firewalls, and cloud VPCs.
  2. Process: The NFO engine performs enrichment, correlation (e.g., DDoS detection), and volume reduction.
  3. Output: NFO pushes formatted JSON, Syslog, or HEC data to your chosen platform.
  4. Visualize: Pre-built NFO Apps and Content Packs provide instant visibility through expert-designed dashboards.

Supported Platforms

Select your platform below to access deployment guides, dashboard walkthroughs, and technical specifications.

| Platform | Integration Type | Key Use Case |
|---|---|---|
| Splunk | App & Technology Add-on | Security Analytics, ITSI, and Network Monitoring. |
| Microsoft Sentinel | Data Connector & Workbooks | Cloud Security Operations and Log Cost Management. |
| CrowdStrike | Falcon LogScale Integration | Correlating Endpoint EDR with Network Visibility. |
| SentinelOne | DataSet / Scalyr Integration | High-performance observability for distributed environments. |
| Cloud Providers | AWS, Azure, Google Cloud | Monitoring multi-cloud traffic and VPC egress costs. |