icon-carat-right menu search cmu-wordmark
Carnegie Mellon University

Fusing AWS VPC Flow Logs and Traditional Netflow

Presentation
By
Dan Ruef of the SEI presented this session at FloCon 2024.
Publisher

Software Engineering Institute

Topic or Tag

Abstract

Cloud Service Provider flow logs are not as comprehensive as netflow and application metadata from a traditional network sensor, but they do provide unique context and have significant value. This presentation will outline a strategy for fusing the two sources into one, while maintaining the visibility provided by both, and targeted updates to the NetSA tool suite to facilitate this capability.

Attendees Will Learn

  • Similarities and differences between traditional netflow from a sensor such as YAF or Zeek, and Cloud provider flow logs
  • How to efficiently fuse the two data sources into a single repository while maintaining the visibility provided by both.
SHARE
Download PDF
Part of a Collection

FloCon® 2024 Assets
Ask a question about this Presentation