Elastic Stack

Integrating NetFlow Optimizer (NFO) with the Elastic Stack (Elasticsearch, Logstash, Kibana) provides a highly scalable and flexible environment for long-term network telemetry storage and deep forensic analysis. By transforming raw flows into enriched JSON events, NFO enables Elastic users to visualize network behavior with native Kibana dashboards.

The Power of NFO + Elastic

• Unified Security Analytics: Combine NFO’s network-layer insights with endpoint and cloud logs in Elastic Security to hunt for threats like data exfiltration and lateral movement.
• Enriched Context: Every flow is enriched with DNS names, User Identity (via VPN syslogs), and GeoIP data before reaching Elasticsearch, making your Kibana searches instantly meaningful.
• Cost-Efficient Ingestion: Leverage NFO’s Module-level aggregation to reduce your storage footprint by 80-90% without losing the ability to drill down into specific host conversations.
• Flexible Ingestion Paths: Choose between the lightweight Filebeat collector or the powerful Logstash engine to match your architectural requirements.

---

Get Started

Deployment & Configuration

Follow our guide to configure Filebeat or Logstash to receive NFO’s enriched JSON stream.