Configure NFO AWS VPC Flow Logs Modules and EDFN Agent
There are two NFO Modules reporting AWS VPC Flow Logs ingested from S3, Kinesis or CloudWatch:
  • AWS VPC Flow Logs - reports VPC Flow Logs, translating them one-to-one into syslog or JSON format, and enriching them with AWS data not reported in VPC Flow Logs natively
  • AWS Top Traffic Monitor – reports hosts with the most traffic. Over a period of time (the Data Collection Interval you choose), it consolidates the VPC Flow Logs records that share the same combination of the following fields: Source IP, Destination IP, Source port, Destination port, and Layer 3 protocol. This information is provided per VPC ID. The Module also enriches flows with AWS data not reported in VPC Flow Logs natively.
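
The consolidation described for AWS Top Traffic Monitor can be pictured with the following added sketch, which is an illustration and not NFO code. It assumes a custom VPC Flow Logs format with the AWS fields in the order shown, a 300-second interval, ranking by bytes, and constructed sample records.

```python
from collections import defaultdict

# Assumed custom VPC Flow Logs format (real AWS field names, order chosen for this example).
FIELDS = ("vpc-id srcaddr dstaddr srcport dstport protocol "
          "packets bytes start end log-status").split()

# Constructed sample records, not real traffic.
SAMPLE = """\
vpc-0aaa 10.0.1.5 10.0.2.9 44321 443 6 10 8400 1700000000 1700000050 OK
vpc-0aaa 10.0.1.5 10.0.2.9 44321 443 6 20 16000 1700000060 1700000110 OK
vpc-0aaa 10.0.1.7 10.0.2.9 51000 53 17 2 180 1700000070 1700000100 OK
vpc-0bbb 10.0.1.5 10.0.2.9 44321 443 6 5 700 1700000080 1700000120 OK
vpc-0aaa - - - - - - - 1700000120 1700000180 NODATA
vpc-0aaa 10.0.1.5 10.0.2.9 44321 443 6 4 3000 1700000310 1700000350 OK
"""

def consolidate(lines, interval=300):
    """Sum packets/bytes per (interval, VPC ID, 5-tuple)."""
    totals = defaultdict(lambda: [0, 0])
    for line in lines:
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed line or a different log format
        rec = dict(zip(FIELDS, parts))
        if rec["log-status"] != "OK":
            continue  # NODATA / SKIPDATA rows carry no traffic fields
        window = int(rec["start"]) // interval * interval
        key = (window, rec["vpc-id"], rec["srcaddr"], rec["dstaddr"],
               int(rec["srcport"]), int(rec["dstport"]), int(rec["protocol"]))
        totals[key][0] += int(rec["packets"])
        totals[key][1] += int(rec["bytes"])
    return totals

def top_talkers(totals, n=10):
    """Return the n heaviest consolidated flows per (interval, VPC ID), by bytes."""
    per_vpc = defaultdict(list)
    for (window, vpc, *flow), (pkts, byts) in totals.items():
        per_vpc[(window, vpc)].append((byts, pkts, tuple(flow)))
    return {k: sorted(v, reverse=True)[:n] for k, v in per_vpc.items()}

if __name__ == "__main__":
    result = top_talkers(consolidate(SAMPLE.splitlines()), 2)
    for (window, vpc), flows in sorted(result.items()):
        for byts, pkts, flow in flows:
            print(window, vpc, *flow, pkts, byts)
```

Records whose log-status is not OK are dropped before aggregation, so placeholder rows never count toward a host's traffic.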

Modules Configuration

In Modules Summary, click on AWS VPC Flow Logs.
Click on
to enable one or both of the Modules. Click on the enabled Module to configure it further.
Both Modules are integrated with the EDFN Agent - AWS VPC flow logs. The Agent is configured in the NFO Input panel, or from the NFO Modules configuration. Click on the Agent name to open its configuration.
You will be presented with the EDFN configuration screen.
Please see the AWS VPC Flow Logs Input Configuration section for more details.