Exabeam
The integration of NetFlow Optimizer (NFO) with Exabeam empowers security teams to identify complex threats by combining deep network telemetry with User and Entity Behavior Analytics (UEBA). By streaming enriched network flows into the Exabeam New-Scale SIEM, you can move beyond simple log monitoring to true behavioral detection.
Enhanced Behavioral Analytics
NFO provides the critical "Network Layer" context that Exabeam needs to build accurate behavioral baselines.
- Lateral Movement Detection: Detect when a user account suddenly accesses unusual internal resources or uses non-standard protocols—indicative of credential theft or internal reconnaissance.
- Data Exfiltration Visibility: Identify large, outbound data transfers to unknown or malicious external IPs, automatically linked to specific internal users.
- Network Session Enrichment: NFO enriches every flow with usernames and hostnames before it reaches Exabeam, so analysts see who is communicating, not just which IP address.
- Optimized Ingestion: By aggregating redundant flows at the NFO Module level, you reduce the noise and storage costs in your Exabeam Data Lake while retaining all forensic value.
Integration Architecture
NFO serves as the primary network data source for the Exabeam platform.
- Ingest: NFO collects standard flow data (NetFlow, sFlow, IPFIX) from your infrastructure.
- Enrich & Aggregate: Data is processed through NFO Modules (e.g., Network Conversations) to add user identity and reduce volume.
- Forward: Enriched JSON logs are sent to the Exabeam Site Collector or directly to the Exabeam Data Lake.
- Detect: Exabeam applies its analytics engine to the NFO data, triggering alerts for anomalous network behavior.
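The "Enrich & Aggregate" and "Forward" steps above, sketched as an added example (not NFO or Exabeam code): flows sharing a time window and conversation key are collapsed into one record, tagged with the source user and host, and serialized as JSON lines. All field names, the 60-second window, the identity map and the sample flows are assumptions made for illustration and do not reflect NFO's actual output schema.

```python
import json
from collections import defaultdict

BASE = 1700000040  # constructed timestamp, aligned to a 60-second boundary

# Constructed sample flows; field names are hypothetical, not NFO's schema.
FLOWS = [
    {"ts": BASE,      "src": "10.0.0.5",  "dst": "10.0.1.20",   "dport": 445, "proto": "tcp", "bytes": 1200},
    {"ts": BASE + 10, "src": "10.0.0.5",  "dst": "10.0.1.20",   "dport": 445, "proto": "tcp", "bytes": 800},
    {"ts": BASE + 20, "src": "10.0.0.5",  "dst": "203.0.113.9", "dport": 443, "proto": "tcp", "bytes": 50000},
    {"ts": BASE + 30, "src": "10.0.0.5",  "dst": "10.0.1.20",   "dport": 445, "proto": "tcp", "bytes": 500},
    {"ts": BASE + 40, "src": "10.0.0.77", "dst": "10.0.1.20",   "dport": 445, "proto": "tcp", "bytes": 300},
    {"ts": BASE + 70, "src": "10.0.0.5",  "dst": "10.0.1.20",   "dport": 445, "proto": "tcp", "bytes": 100},
]

# Constructed IP-to-identity map standing in for the enrichment source.
IDENTITY = {"10.0.0.5": {"user": "alice", "host": "wks-alice"}}

def aggregate(flows, identity, window=60):
    """Collapse flows with the same (window, src, dst, dport, proto) and add identity."""
    buckets = defaultdict(lambda: {"bytes": 0, "flows": 0})
    for f in flows:
        start = f["ts"] - f["ts"] % window
        b = buckets[(start, f["src"], f["dst"], f["dport"], f["proto"])]
        b["bytes"] += f["bytes"]   # byte totals are summed, never dropped
        b["flows"] += 1            # keep the original flow count for forensics
    records = []
    for (start, src, dst, dport, proto), b in sorted(buckets.items()):
        who = identity.get(src, {})  # unmapped sources stay visible as "unknown"
        records.append({
            "window_start": start, "src_ip": src, "dst_ip": dst,
            "dst_port": dport, "protocol": proto,
            "bytes": b["bytes"], "flow_count": b["flows"],
            "src_user": who.get("user", "unknown"),
            "src_host": who.get("host", "unknown"),
        })
    return records

def to_json_lines(records):
    """Serialize each aggregated record as one JSON line, ready to forward."""
    return [json.dumps(r, sort_keys=True) for r in records]

if __name__ == "__main__":
    for line in to_json_lines(aggregate(FLOWS, IDENTITY)):
        print(line)
```

Six input flows become four records while the byte total is unchanged, and the flow from the unmapped address is kept with an "unknown" user rather than discarded.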
Get Started
Deployment & Configuration
Learn how to configure the Exabeam Site Collector and NFO outputs for seamless integration.