Splunk NetFlow Integration
Flow Data Analysis for Virtual and Physical Network Intelligence and Security
NetFlow Logic developed a suite of products for effective integration of the NetFlow Optimizer (NFO) core processing engine with Splunk Enterprise or Splunk Cloud products for advanced operational intelligence and security.
NetFlow Analytics for Splunk App
Enables real-time network visibility by providing dashboards for understanding application usage and network resource utilization, and for improving security posture. The App provides valuable network analytics based on Splunk CIM-compliant flow data from any vendor, optimized and enriched by NFO.
V2P Network Visibility for Splunk App
Provides unique dashboards for visibility between the virtual overlay and physical networking layers. Calculates the health and failure risk of physical network resources in real time. Shows the VM-to-VM or VM-to-physical-host network path and how it is affected by network outages.
NetFlow Based DDoS Detection for Splunk App
Extends the use of network flow data for security applications. Detects network traffic anomalies and DDoS attacks. Uses built-in multi-expert machine learning algorithms to reduce false positives. Enables risk mitigation by identifying attackers and victims.
Syslog messages generated by NetFlow Optimizer can also be streamed to Splunk Enterprise Security (ES), an analytics-driven SIEM system that provides insight into machine data, helping to improve overall network security. With the help of this SIEM system you can capture, monitor, and report on data from devices, systems, and applications across your environment. NFO-provided flow data has all the necessary CIM-compliant field names and tags to be visible in the Traffic Center dashboard and to be used in correlation searches that generate notable events for tracking threat sources.
NetFlow Applications Deployment
Technology Add-on for NetFlow
This Add-on must be installed on Splunk Indexers and Search heads in order for NFO to work with Splunk. It collects NetFlow data processed by NetFlow Optimizer; this data is then visualized by the NetFlow Analytics for Splunk App or the Splunk Enterprise Security App.
The Technology Add-on for NetFlow is downloadable from Splunkbase at https://splunkbase.splunk.com/app/1838/.
NetFlow Analytics for Splunk App*
This App must be installed on Splunk Search heads. It contains visualization dashboards and information for alerting.
Downloadable from Splunkbase at https://splunkbase.splunk.com/app/489/.
V2P Network Visibility App*
This App must be installed on Splunk Search heads. It contains visualization dashboards for the NFO V2P Network Visibility Module.
Downloadable from Splunkbase at https://splunkbase.splunk.com/app/2824/.
NetFlow-based DDoS Detection App*
Contact us at firstname.lastname@example.org to get information regarding installing and using this app.
Splunk Enterprise Security App
This SIEM system was developed by Splunk and can be downloaded from Splunkbase at https://splunkbase.splunk.com/app/263/.
* Requires both NFO and Technology Add-on for NetFlow.