
NetFlow Logic App for Sumo Logic

Real-time processing and analytics of flow data – NetFlow, sFlow, J-Flow, IPFIX, and Cloud Flow Logs (AWS, Azure, Google)

Get complete visibility into network traffic by analyzing network device and interface loads. Identify the applications and users that consume bandwidth; identify the impact of physical device and interface failures on both the virtual and physical networks; identify security threats and trace them back to known threat sources.


Volume reduction

Real-time consolidation of flow data lets you store and index only a fraction of the raw volume while retaining the full benefit of the flow information without losing accuracy.
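What "consolidation" means in practice is merging the many short flows between the same endpoints within a time window into one record, summing their byte and packet counters. The following Python script is an added example, not the app's own code: it runs that merge over a handful of constructed flow records (the field names, the 60-second window and the aggregation key are my choices, not the product's). It drops the ephemeral source port from the key, which is where most of the reduction comes from, but keeps the count of distinct source ports so that a scan or connection flood against one destination remains visible after aggregation.

```python
from datetime import datetime, timezone

# Constructed raw flow records with the fields a NetFlow v5 / IPFIX exporter
# emits for each unidirectional flow (sample data made up for this example).
RAW_FLOWS = [
    {"ts": "2024-01-01T10:00:01Z", "src": "10.0.1.5", "sport": 50123, "dst": "203.0.113.8", "dport": 443, "proto": 6,  "bytes": 1200, "pkts": 10},
    {"ts": "2024-01-01T10:00:02Z", "src": "10.0.1.5", "sport": 50124, "dst": "203.0.113.8", "dport": 443, "proto": 6,  "bytes": 800,  "pkts": 7},
    {"ts": "2024-01-01T10:00:15Z", "src": "10.0.1.5", "sport": 50125, "dst": "203.0.113.8", "dport": 443, "proto": 6,  "bytes": 2000, "pkts": 15},
    {"ts": "2024-01-01T10:00:20Z", "src": "10.0.1.7", "sport": 41000, "dst": "10.0.2.53",   "dport": 53,  "proto": 17, "bytes": 90,   "pkts": 1},
    {"ts": "2024-01-01T10:00:21Z", "src": "10.0.1.7", "sport": 41001, "dst": "10.0.2.53",   "dport": 53,  "proto": 17, "bytes": 95,   "pkts": 1},
    {"ts": "2024-01-01T10:01:05Z", "src": "10.0.1.5", "sport": 50126, "dst": "203.0.113.8", "dport": 443, "proto": 6,  "bytes": 500,  "pkts": 4},
]


def window_start(ts: str, window_seconds: int) -> str:
    """Align an ISO-8601 UTC timestamp to the start of its aggregation window."""
    t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    epoch = int(t.timestamp())
    start = datetime.fromtimestamp(epoch - epoch % window_seconds, tz=timezone.utc)
    return start.strftime("%Y-%m-%dT%H:%M:%SZ")


def consolidate(flows, window_seconds=60):
    """Merge flows that share (window, src, dst, proto, dport).

    The ephemeral source port is left out of the key because it changes per
    connection and adds nothing to volume or security reporting, but the
    number of distinct source ports is kept: a jump in it for one src/dst pair
    is a classic scan or connection-flood indicator. Byte and packet totals
    are sums, so the aggregate is exact, not sampled.
    """
    agg = {}
    for f in flows:
        key = (window_start(f["ts"], window_seconds), f["src"], f["dst"], f["proto"], f["dport"])
        rec = agg.setdefault(key, {
            "window": key[0], "src": f["src"], "dst": f["dst"], "proto": f["proto"],
            "dport": f["dport"], "bytes": 0, "pkts": 0, "flows": 0, "sports": set(),
        })
        rec["bytes"] += f["bytes"]
        rec["pkts"] += f["pkts"]
        rec["flows"] += 1
        rec["sports"].add(f["sport"])
    out = []
    for rec in agg.values():
        rec["distinct_sports"] = len(rec.pop("sports"))
        out.append(rec)
    return sorted(out, key=lambda r: (r["window"], r["src"], r["dst"], r["dport"]))


def reduction_ratio(raw, consolidated) -> float:
    """How many raw records each stored record stands for."""
    return len(raw) / len(consolidated)


if __name__ == "__main__":
    merged = consolidate(RAW_FLOWS)
    for rec in merged:
        print(rec)
    print("reduction:", reduction_ratio(RAW_FLOWS, merged))
```

On the six constructed records the merge yields three, so the stored volume halves; on real traffic, where one client opens hundreds of flows per minute to the same server, the ratio is far larger. The caveat is that what survives is exact totals per window, not per-connection timing: choose the window length with the questions you will ask in mind, since anything finer than the window is gone once the raw records are discarded.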


Flow data enrichment

Improves the quality of flow data by adding valuable context to each record, such as DNS host names, VM names, GeoIP location, applications, user identity, and security reputation.


Comprehensive network view

Monitor and analyze all types of flow data (NetFlow, sFlow, J-Flow, IPFIX, and cloud flow logs) from network devices across all of your on-premises and cloud locations on the same screen. Get complete visibility into communication between all of your devices, whether they sit in your data center or in a third-party cloud data center.


Improve security posture

The application does not depend on any specific threat signature or attack pattern, and provides rapid, broad-spectrum threat detection with low false positives.


NetFlow – Traffic overview

See a high-level view of your network traffic, whether it is in your data center or in the cloud. This dashboard shows top inbound, outbound, and internal traffic. View network traffic by protocol, users, and applications.

Use this dashboard to:

  • Identify top talkers and top listeners
  • See network traffic statistics by direction: inbound, outbound, and lateral (internal)
  • Report bandwidth consumers by protocol, users, and applications

Security Monitoring – Communications with malicious hosts

This dashboard lets your organization analyze and prioritize network security event traffic. It shows blocked and allowed communications with malicious hosts, broken down by inbound and outbound direction.

Use this dashboard to:

  • Identify inbound and outbound communications with malicious hosts
  • Report allowed and blocked traffic with bad actors
  • See traffic volumes (bytes sent and bytes received) to identify a possible data exfiltration

Security Monitoring – Traffic using critical ports

See your network conversations over critical ports, such as 21 (ftp), 22 (ssh), 23 (telnet), 25 (smtp), 50 (re-mail-ck), 51 (la-maint), 53 (dns), etc.

Use this dashboard to:

  • Monitor your DNS traffic with internal and external DNS servers
  • Identify abnormal DNS communications
  • See top traffic using critical ports, such as SSH, FTP, Telnet, etc.
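The three dashboards above (traffic overview, communications with malicious hosts, traffic using critical ports) all rest on the same few classifications of a flow record: which side is internal, whether a peer is on a reputation list, and whether the destination port is one you care about. The Python below is an added example that runs those classifications over constructed flow records; it is not the app's code and not a Sumo Logic query. The internal address ranges, the reputation list (RFC 5737 documentation addresses), the `action` field mimicking the ACCEPT/REJECT of cloud flow logs, the exfiltration threshold and the "approved resolver" reading of abnormal DNS are all assumptions made for the example.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumed policy for this example: RFC 1918 ranges are "internal".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed reputation list (documentation addresses, not a real feed).
MALICIOUS_HOSTS = {"198.51.100.23": "c2-server", "203.0.113.77": "scanner"}

# Critical ports named on the page plus DNS and RDP (my selection).
CRITICAL_PORTS = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 53: "dns", 3389: "rdp"}

# Constructed unidirectional flow records. "bytes" counts src->dst only, as
# NetFlow/IPFIX exports do; "action" is assumed to carry the ACCEPT/REJECT
# verdict that cloud flow logs (and firewall-exported flows) include.
FLOWS = [
    {"src": "10.0.1.5",     "dst": "203.0.113.8",   "dport": 443, "proto": 6,  "bytes": 4000,     "action": "ACCEPT"},
    {"src": "10.0.1.9",     "dst": "198.51.100.23", "dport": 443, "proto": 6,  "bytes": 52000000, "action": "ACCEPT"},
    {"src": "203.0.113.77", "dst": "10.0.1.9",      "dport": 22,  "proto": 6,  "bytes": 600,      "action": "REJECT"},
    {"src": "203.0.113.77", "dst": "10.0.1.10",     "dport": 23,  "proto": 6,  "bytes": 300,      "action": "REJECT"},
    {"src": "10.0.1.7",     "dst": "10.0.2.53",     "dport": 53,  "proto": 17, "bytes": 185,      "action": "ACCEPT"},
    {"src": "10.0.1.7",     "dst": "8.8.8.8",       "dport": 53,  "proto": 17, "bytes": 120,      "action": "ACCEPT"},
    {"src": "10.0.1.5",     "dst": "10.0.2.20",     "dport": 22,  "proto": 6,  "bytes": 9000,     "action": "ACCEPT"},
    {"src": "198.51.100.23", "dst": "10.0.1.9",     "dport": 443, "proto": 6,  "bytes": 2500,     "action": "ACCEPT"},
]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def direction(flow: dict) -> str:
    """inbound / outbound / lateral (internal-to-internal) / external (transit)."""
    s, d = is_internal(flow["src"]), is_internal(flow["dst"])
    if s and d:
        return "lateral"
    return "outbound" if s else "inbound" if d else "external"


def bytes_by_direction(flows) -> dict:
    totals = Counter()
    for f in flows:
        totals[direction(f)] += f["bytes"]
    return dict(totals)


def top_endpoints(flows, field="src", n=3):
    """field='src' gives top talkers (bytes sent), 'dst' gives top listeners."""
    c = Counter()
    for f in flows:
        c[f[field]] += f["bytes"]
    return c.most_common(n)


def malicious_communications(flows) -> dict:
    """Per (internal host, malicious peer): bytes the internal host sent,
    bytes it received, and how many flows were allowed vs blocked."""
    summary = defaultdict(lambda: {"tag": "", "bytes_sent": 0, "bytes_received": 0,
                                   "allowed": 0, "blocked": 0})
    for f in flows:
        if f["dst"] in MALICIOUS_HOSTS:        # outbound to a bad host
            key, sent = (f["src"], f["dst"]), True
        elif f["src"] in MALICIOUS_HOSTS:      # inbound from a bad host
            key, sent = (f["dst"], f["src"]), False
        else:
            continue
        rec = summary[key]
        rec["tag"] = MALICIOUS_HOSTS[key[1]]
        rec["bytes_sent" if sent else "bytes_received"] += f["bytes"]
        rec["allowed" if f["action"] == "ACCEPT" else "blocked"] += 1
    return dict(summary)


def exfiltration_suspects(flows, threshold_bytes=10_000_000):
    """Internal hosts that pushed more than threshold_bytes to a malicious
    peer (the page's bytes-sent check, with an assumed fixed threshold)."""
    return sorted(host for (host, _peer), rec in malicious_communications(flows).items()
                  if rec["bytes_sent"] > threshold_bytes)


def critical_port_traffic(flows) -> dict:
    """Bytes per (service, direction) for flows whose dport is critical."""
    totals = Counter()
    for f in flows:
        svc = CRITICAL_PORTS.get(f["dport"])
        if svc:
            totals[(svc, direction(f))] += f["bytes"]
    return dict(totals)


def unapproved_dns(flows, approved_resolvers=("10.0.2.53",)):
    """One reading of 'abnormal DNS': clients querying a resolver that is not
    on the approved list (assumed policy; catches resolver bypass)."""
    return sorted({(f["src"], f["dst"]) for f in flows
                   if f["dport"] == 53 and f["dst"] not in approved_resolvers})


if __name__ == "__main__":
    print(bytes_by_direction(FLOWS))
    print(top_endpoints(FLOWS, "src", 1), top_endpoints(FLOWS, "dst", 1))
    print(malicious_communications(FLOWS))
    print(exfiltration_suspects(FLOWS))
    print(critical_port_traffic(FLOWS))
    print(unapproved_dns(FLOWS))
```

Two things worth noting when you build the real dashboards. Flow records are unidirectional, so "bytes sent" and "bytes received" for an internal host come from two different records with src and dst swapped; pairing them, as `malicious_communications` does, is what makes the exfiltration comparison meaningful, and a blocked (REJECT) record will typically show a handful of bytes because only the initial packets were seen. And a reputation match on a well-known public address (a content delivery network, a shared cloud load balancer) is the usual source of false positives in this kind of list matching, so keep the tag of the list entry with the event and review high-volume matches before acting on them.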