Configure network flow logs to be ingested by Fusion by following the instructions below. If this is your first time configuring Fusion, the Quick Start Guides for AWS, Azure, & GCP are the best place to start for end-to-end steps.

If you want to ingest NetFlow, sFlow, or IPFIX from network devices, see Ingesting NetFlow, sFlow, & IPFIX to Fusion.

Flow Log Sources

AWS - VPC Flow Logs

• Quickstart: AWS (VPC flow logs, Route 53 DNS logs, & context enrichment)
• AWS VPC via S3 Setup (CloudFormation method)
• AWS VPC via S3 Setup (AWS Console method)
• AWS VPC via Kinesis Setup

AWS - Transit Gateway Flow Logs

• AWS Transit Gateway Flow Logs

Azure - VNet Flow Logs

• Quickstart: Azure (VNet flow logs & context enrichment)
• Azure Virtual Network (VNet) Flow Log Setup (Azure Console method)

Azure - NSG Flow Logs

• Azure NSG Setup (Azure Console method)
• Azure NSG Setup (Resource Manager method)

GCP - VPC Flow Logs

• Quickstart: GCP (VPC flow logs, Cloud DNS logs, & context enrichment)
• GCP via Pub/Sub Setup

IBM Cloud - VPC Flow Logs

• IBM Cloud via Cloud Object Storage Setup

Oracle Cloud - VCN Flow Logs

• Oracle Cloud Infrastructure via Cloud Object Storage Setup

Onboarding Automation

🤖

Using Terraform to automate onboarding

Access Netography's Terraform automation at our GitHub repo: https://github.com/netography/neto-onboarding. For access to the repo, email support@netography.com. with your GitHub ID or with a request for access to the latest release package.

Netography provides a Terraform project, neto-onboarding, that provides Netography Fusion Cloud Onboarding Automation for AWS Organizations, Azure Tenants, and GCP Organizations.

This automation provides the following capabilties, which you can use in whole or part:

• Enables and configure AWS VPC flow logs, Azure VNet flow logs, and GCP VPC flow logs based on a simple policy and tags that defines which VPC/VNet are in scope.
• Deploy all the infrastructure required to integrate to Fusion across multiple accounts (AWS), subscriptions (Azure), and projects (GCP) in a single deployment
• Adds VPCs/VNets configured for flow logging to Netography Fusion as traffic sources.
• Deploys a single AWS Lambda function, Azure Function, or Google Function that provides context enrichment across all the accounts/subscriptions/projects as an outbound push from your cloud to the Fusion API, eliminating the need to add context integrations from the Fusion portal, to grant Netography permissions to directly enumerate resource properties, or to add individual context integrations in Fusion for each cloud account.
• Monitor for VPC/VNet changes and trigger enabling and configuring flow logs, and onboarding to Fusion new VPCs/VNets that are in scope, and offboarding VPCs/VNets that are removed or no longer in scope.