Version: Next

Solution Components

Cloud Flow Logs Processing

| Component | Platform | Description |
| --- | --- | --- |
| NetFlow Optimizer (NFO) RLS 2.8.x | AWS AMI, Linux or Windows | This is a processing engine for any flow data: NetFlow, IPFIX, sFlow, J-Flow, AWS or GCP VPC Flow Logs, etc. Available for Windows, Linux, or as a Virtual Appliance. Downloadable from https://www.netflowlogic.com/downloads/. AMI image for AWS: https://aws.amazon.com/marketplace/pp/B084SNHSXH/ |
| External Data Feeder for NFO (EDFN) RLS 2.8.x | AWS AMI, Linux or Windows | VPC Flow Logs are ingested by an EDFN agent and sent to NFO via UDP. EDFN is included in the NFO installer. |
| AWS VPC Flow Logs Modules | NetFlow Optimizer 2.8.0 | There are two NFO Modules designed specifically for AWS VPC Flow Logs. AWS VPC Flow Logs Modules are included in the NFO installer. |
| Azure NSG Flow Logs Modules | NetFlow Optimizer 2.8.0 | There are two NFO Modules designed specifically for Azure NSG Flow Logs. Azure NSG Flow Logs Modules are included in the NFO installer. |
| GCP VPC Flow Logs Modules | NetFlow Optimizer 2.8.1 | There are two NFO Modules designed specifically for GCP VPC Flow Logs. GCP VPC Flow Logs Modules are included in the NFO installer. |

Visualization, Reporting, and Alerting

| Component | Platform | Description |
| --- | --- | --- |
| NetFlow Analytics for Splunk (Splunk App) | Splunk Enterprise or Splunk Cloud | The App includes AWS and VPC Flow Logs dashboards, accessible from the App menu: Cloud > AWS or Cloud > GCP. Downloadable from https://splunkbase.splunk.com/app/489/ |
| Technology Add-on for NetFlow (Splunk Add-on) | Splunk Enterprise or Splunk Cloud | Splunk TA to be installed on the Splunk indexer and search head. Downloadable from https://splunkbase.splunk.com/app/1838/ |