Configure network flow logs to be ingested by Fusion by following the instructions below. If this is your first time configuring Fusion, the Quick Start Guides for AWS, Azure, & GCP are the best place to start for end-to-end steps.

If you want to ingest NetFlow, sFlow, or IPFIX from network devices, see Ingesting NetFlow, sFlow, & IPFIX to Fusion.

Flow Log Sources

AWS - VPC Flow Logs

• Quickstart: AWS (VPC flow logs, Route 53 DNS logs, & context enrichment)
• AWS VPC via S3 Setup (CloudFormation method)
• AWS VPC via S3 Setup (AWS Console method)
• AWS VPC via Kinesis Setup

AWS - Transit Gateway Flow Logs

• AWS Transit Gateway Flow Logs

Azure - VNet Flow Logs

• Quickstart: Azure (VNet flow logs & context enrichment)
• Azure Virtual Network (VNet) Flow Log Setup (Azure Console method)

Azure - NSG Flow Logs

• Azure NSG Setup (Azure Console method)
• Azure NSG Setup (Resource Manager method)

GCP - VPC Flow Logs

• Quickstart: GCP (VPC flow logs, Cloud DNS logs, & context enrichment)
• GCP via Pub/Sub Setup

IBM Cloud - VPC Flow Logs

• IBM Cloud via Cloud Object Storage Setup

Oracle Cloud - VCN Flow Logs

• Oracle Cloud Infrastructure via Cloud Object Storage Setup

Onboarding Automation

🤖

Using Terraform to automate onboarding

Access Netography's Terraform automation at our GitHub repo: https://github.com/netography/neto-onboarding. For access to the repo, email your GitHub ID to [email protected].

The instructions linked from this page are suitable for onboarding one or a small number of cloud accounts manually or using as a reference for building automation for larger scale deployment. In addition to these instructions, Netography provides a Terraform project, neto-onboard, that provides Netography Fusion Cloud Onboarding Automation for AWS Organizations, Azure Tenants, and GCP Organizations.

Each cloud has 2 Terraform deployment options - full and simple.

The simple deployment deploys all the resources needed to integrate the cloud to Fusion and perform context enrichment in a deployment. You specify a target set of accounts/subscriptions/projects at deployment-time. You can redeploy the automation to change the scope of monitoring or when you need to onboard new accounts or networks to Fusion. This is suitable for a trial or if you have a relatively static cloud environment or one with a limited number of accounts and networks.

The full deployment provides the following:

• Enables and configure AWS VPC flow logs, Azure VNet flow logs, and GCP VPC flow logs based on a simple policy and tags that defines which VPC/VNet are in scope.
• Deploy all the infrastructure required to integrate to Fusion across multiple accounts (AWS), subscriptions (Azure), and projects (GCP) in a single deployment
• Adds VPCs/VNets configured for flow logging to Netography Fusion as traffic sources.
• Deploys a single AWS Lambda function, Azure Function, or Google Function that provides context enrichment across all the accounts/subscriptions/projects as an outbound push from your cloud to the Fusion API, eliminating the need to add context integrations from the Fusion portal, to grant Netography permissions to directly enumerate resource properties, or to add individual context integrations in Fusion for each cloud account.
• Monitor for VPC/VNet changes and trigger enabling and configuring flow logs, and onboarding to Fusion new VPCs/VNets that are in scope, and offboarding VPCs/VNets that are removed or no longer in scope.