Splunk NetFlow Integration

Flow Data Analysis for Virtual and Physical Network Intelligence and Security

NetFlow Logic developed a suite of products for effective integration of the NetFlow Optimizer (NFO) core processing engine with Splunk Enterprise or Splunk Cloud products for advanced operational intelligence and security.

Syslogs generated by NetFlow Optimizer can also be streamed to Splunk Enterprise Security (ES), an analytics-driven SIEM system that provides insight into machine data, helping to improve overall network security. With the help of this SIEM system you can capture, monitor, and report on data from devices, systems, and applications across your environment. NFO-provided flow data has all the necessary CIM-compliant field names and tags to be visible in the Traffic Center dashboard and to be used in correlation searches that generate notable events for tracking threat sources.

NetFlow Applications Deployment

All NetFlow Logic Splunk Apps rely on the Technology Add-on for NetFlow to ingest and index the syslogs generated by NetFlow Optimizer.

Technology Add-on for NetFlow

This Add-on must be installed on Splunk Indexers and Search heads in order for NFO to work with Splunk. It collects NetFlow data processed by NetFlow Optimizer, which is then visualized by the NetFlow Analytics for Splunk App or the Splunk Enterprise Security App. The Technology Add-on for NetFlow is downloadable from Splunkbase at https://splunkbase.splunk.com/app/1838/.

NetFlow and SNMP Analytics for Splunk App*

This App must be installed on Splunk Search heads. It contains visualization dashboards and information for alerting.
Downloadable from Splunkbase at https://splunkbase.splunk.com/app/489/.

V2P Network Visibility App*

This App must be installed on Splunk Search heads. It contains visualization dashboards for the NFO V2P Network Visibility Module.
Downloadable from Splunkbase at https://splunkbase.splunk.com/app/2824/.

NetFlow-based DDoS Detection App*

Contact us at info@netflowlogic.com to get information regarding installing and using this app.

Splunk Enterprise Security App

This SIEM system was developed by Splunk and can be downloaded from Splunkbase at https://splunkbase.splunk.com/app/263/.

* Requires both NFO and Technology Add-on for NetFlow.