Axoflow
NetFlow Optimizer (NFO) seamlessly integrates with Axoflow, the autonomous security data layer. This integration enables you to take NFO’s enriched network telemetry and insert it into a professional-grade observability pipeline for advanced routing, long-term "cold" storage, and multi-destination delivery.
Why Use NFO with Axoflow?
While NFO excels at reducing and enriching flow data, Axoflow provides the "Management Plane" to control where that data goes and how it is treated throughout its lifecycle.
- Unified Security Data Layer: Consolidate NFO’s network insights with other logs (Cloud, Endpoint, App) inside Axoflow to create a single, normalized source of truth.
- Intelligent Routing: Send high-priority security alerts to your SIEM (Splunk/Sentinel) while routing high-volume troubleshooting data to low-cost storage like Amazon S3 or AxoLake.
- Schema Normalization: Automatically transform NFO’s JSON output into the specific schemas required by downstream tools like Google SecOps or OpenObserve.
- Pipeline Observability: Gain "single-pane-of-glass" visibility into your data flow, including real-time metrics on ingestion rates, delays, and delivery health.
How It Works
The integration utilizes the AxoRouter, a high-performance component that sits between NFO and your final destinations.
- Generate: NFO processes raw flows and applies your chosen Modules (e.g., Network Conversations).
- Stream: NFO sends this enriched data via Syslog/UDP to a local or cloud-based AxoRouter.
- Process: Axoflow classifies and curates the data, applying any custom filters or transformations you define in the AxoConsole.
- Deliver: The data is routed to one or more destinations, such as a SIEM, a Data Lake, or an AI-powered analytics platform.
Get Started
Deployment & Configuration
Follow our step-by-step guide to installing AxoRouter and configuring the NFO output.