Jump to Content
Docs
API Recipes
API Reference
Release notes
🏁 Quickstart Guides
Log In
Docs
Log In
Moon (Dark Mode)
Sun (Light Mode)
Docs
API Recipes
API Reference
Release notes
🏁 Quickstart Guides
Diagram: GCP Integration to Fusion
Search
🏁 Quick Start
Welcome to Netography Fusion
Home
Fusion Portal Layout
✋ Need More Help?
Quickstart: AWS
🎥 Video Guides
Create S3 bucket
Create the SNS topic
Create the SQS queue
Subscribe to Amazon SNS topic
Create IAM policy
Create custom role
Create an event notification
Enable VPC flow logs
Add AWS as a new traffic source in Fusion
Add context integration to Fusion
Enable DNS query logging in AWS
Add DNS as a traffic source in Fusion
Quickstart: GCP
Diagram: GCP Integration to Fusion
🎥 Video Guides
Enable VPC flow logs
Create a Pub/Sub topic
Logging sink design patterns
Create a Logging Sink Pub/Sub for the topic
Create a Pub/Sub pull subscription
GCP service account permissions
Add Netography as a principal
Add GCP as a new flow source in Netography Fusion
Add context integration to Fusion
Adding DNS as a Traffic Source
Quickstart: Azure
Set working subscription
Register Microsoft Insights Provider
Create a storage account
Create a flow log
Add Azure VNet as a new flow source in Netography Fusion
Add Context Integration to Fusion
🎥 Quickstart: Events
🎥 Quickstart: Dashboards
API Reference
Ingest Network Traffic Logs
Ingest Flow Logs
Azure NSG Flow Logs Setup
Azure NSG Setup (Resource Manager method)
Azure Virtual network (VNet) Flow Log Setup
AWS VPC via S3 Setup (CloudFormation method)
AWS VPC via S3 Setup (AWS Console method)
AWS S3 Transit Gateway Flow Logs
AWS VPC via Kinesis Setup
GCP VPC Flow Logs via Pub/Sub Setup
IBM Cloud VPC Flow Logs via Cloud Object Storage Setup
Oracle Cloud VCN Flow Logs via Cloud Object Storage Setup
Ingest DNS Logs
Use DNS in Fusion
AWS Route 53 DNS Logs via S3 Setup (Console)
Cisco Umbrella DNS Logs via S3 Setup (Console)
GCP Cloud DNS Logs via Pub/Sub Setup
Ingest NetFlow & sFlow
Ingest NetFlow/sFlow from network devices via direct UDP
Ingest NetFlow/sFlow via the NetoFlow Connector
NetFlow and sFlow
NetoFlow Connector
Enrich Traffic with Context
Configure Context Integrations
AWS
Axonius
Azure
Claroty
CrowdStrike Falcon Discover
CrowdStrike Falcon Protect
CSV via S3
Device42
GCP
IBM Cloud
Microsoft Defender
Oracle Cloud Infrastructure
RunZero
SentinelOne
Tanium
Tenable
Wiz
Understand Context Labels
NetoFuse
Automate Responses
Automating Response in Fusion
Configuring Response Integrations
AWS Route 53 (Response Integration)
Big Panda
BGP
Blocklist
CrowdStrike
Email
Flowspec
Flowspec (Custom)
Microsoft Teams
NS1
Pagerduty
Panther
Slack
Splunk
Sumo Logic
Twilio
RTBH
Webhook
Syslog
Configuring Response Policies
Response Integration Blocks Dashboard
Detection Models
Detection Models Overview
Detection Model Configuration
Detection Model Quick Reference Guide
Adding a Detection Model
Auto Thresholding
🎥 Building Custom Detection Models in 10 minutes
Detection Model Library
Attack
external_tcp_4444
interactive_login_bad_rep
interactive_login_itar
internal_tcp_4444
long_inbound_https_bad_rep
outbound_tcp_4444
tor_connection_external_internal
Brute Force
dcerpc_brute_external_internal
dcerpc_brute_internal_external
dcerpc_brute_internal_internal
ftp_brute_external_internal
ftp_brute_internal_external
ftp_brute_internal_internal
imap_brute_external_internal
imap_brute_internal_external
imap_brute_internal_internal
kerberos_brute_internal_internal
kerberos_user_enumeration
mongodb_brute_external_internal
mongodb_brute_internal_external
mongodb_brute_internal_internal
mssql_brute_external_internal
mssql_brute_internal_external
mssql_brute_internal_internal
mysql_brute_external_internal
mysql_brute_internal_external
mysql_brute_internal_internal
pop3_brute_external_internal
pop3_brute_internal_external
pop3_brute_internal_internal
postgres_brute_external_internal
postgres_brute_internal_external
postgres_brute_internal_internal
rdpbrute_external_internal
rdpbrute_internal_external
rdpbrute_internal_internal
redis_brute_external_internal
redis_brute_internal_external
redis_brute_internal_internal
smb_brute_external_internal
smb_brute_internal_external
smb_brute_internal_internal
sshbrute_external_internal
sshbrute_internal_external
sshbrute_internal_internal
winrmbrute_external_internal
winrmbrute_internal_external
winrmbrute_internal_internal
Denial of Service
ackflood
chargenreflect
cldapreflect
codreflection
dns_amplification_participation
dnsattack
dnsreflection
fin_flood
icmpflood
memcachereflection
mssqlreflection
netbiosreflect
ntpreflect
psh_flood
ripreflection
rstflood
slpreflection
snmpreflection
srcdsreflection
ssdpreflect
sunrpcreflection
synflood
tp240_phone_home_reflection_ddos
urg_flood
Informational
6in4tunnel
alltcpflags
badprotocol
communication_to_itar_countries
ethoverip
ip_options_abuse
ipmi
ipmi
largeicmp
tcp_dnstunneling
tcpfrag
tcpnull
udpfrag
unusual_protocol
Misconfiguration
9090_external_internal
cups_browsed_external_internal
dns_query_returned_loopback
external_access_of_smb
external_kerberos_access
external_ldap_access
external_printing_connections
external_snmp_sweep
fortinet_management_external_internal
internal_socks5_proxy
msrdp
outbound_database_exfil
outbound_ftp_traffic
outbound_imap_traffic
outbound_ldap_traffic
outbound_pop3_traffic
outbound_printing
outbound_rejected_traffic
outbound_smb_spike
outbound_smb_traffic
outbound_snmp_sweep
outbound_telnet_traffic
rdp_external_internal
registered_ports_ext_int
ssh_external_internal
Operational Governance
anydesk_usage
bitcoin_node_internal_external
bittorrent
bittorrent_tracker_internal_external
bittorrent_transfer_external_internal
bittorrent_transfer_internal_external
bittorrent_user
connectwise_usage
external_1801
external_socks5_proxy
external_tcp_44818
external_udp_2222
file-sharing_apple-icloud
file-sharing_dropbox_detection
file-sharing_idrive_detection
file-sharing_mega-service
file-sharing_microsoft-onedrive
file-sharing_wetransfer
gotoresolve_usage
internal_tor_relay
ipfs_usage
irctraffic
messaging_apple-push
messaging_discord
messaging_disqus
messaging_facebook-messenger
messaging_google-chat
messaging_icq
messaging_infobip
messaging_jpush
messaging_kakaotalk
messaging_kik
messaging_messagebird
messaging_meta-messaging
messaging_pushover
messaging_rocket-chat
messaging_samsung-push
messaging_signal
messaging_sinch
messaging_snapchat
messaging_stream-io
messaging_telegram
messaging_threema
messaging_wechat
messaging_whatsapp
messaging_zalo
outbound_6in4tunnel
outbound_ethoverip
outbound_teredo
outbound_teredo_spike
social_discourse_detection
social_instagram_detection
social_linkedin_detection
social_meta_detection
social_okcupid_detection
social_reddit_detection
social_tiktok_detection
social_tinder_detection
social_twitter_detection
teamviewer_usage
third_party_vpn_usage
tor_connection_internal_external
unusual_open_tcp_ports
vpn_usage_internal_external
Post-Compromise
anomalous_traffic_dns
anomalous_traffic_itar
anomalous_traffic_mega
anomalous_traffic_s3
anomalous_traffic_ssh
coinminer_detection
comm_with_malware_external_internal
comm_with_malware_internal_external
communication_to_bad_rep
communication_to_malware
cups_browsed_internal_external
dga_suspected
dlp-china
dlp-russia
dns_lookup_tunneling
dnstunneling
external_http_beacon
external_https_beacon
external_nonhttp_beacon
external_tcp_12345
fortinet_management_internal_internal
ip_lookup_attempt
ipmi_default_dumphashes
kerberosting_internal_internal
large_internal_smb_download
large_internal_smb_download
long_dns_connection
outbound_ping
rdp_internal_external
sinkhole_detection
tcp_123
torrent_usage_detection
uncommon_icmp_reject
wkpsrcdst
Reconnaissance
3000_scan_external_internal
3000_scan_internal_external
3000_scan_internal_internal
8060_scan_external_internal
8060_scan_internal_external
8060_scan_internal_internal
8888_scan_external_internal
8888_scan_internal_external
8888_scan_internal_internal
9090_scan_external_internal
9090_scan_internal_external
9090_scan_internal_internal
backupexec_scan_external_internal
backupexec_scan_internal_external
backupexec_scan_internal_internal
censys_scanning
connscan
connscan_external_internal
connscan_internal_external
connscan_internal_internal
esxi_internal_slp_scan
ftp_scan_external_internal
ftp_scan_internal_external
ftp_scan_internal_internal
http_scan_internal_external
http_scan_internal_internal
imap_scan_external_internal
imap_scan_internal_external
imap_scan_internal_internal
internal_snmp_sweep
ipmi_scan_external_internal
ipmi_scan_internal_external
ipmi_scan_internal_internal
ivantiava_scan_external_internal
ivantiava_scan_internal_external
ivantiava_scan_internal_internal
kerberos_scan_external_internal
kerberos_scan_internal_external
kerberos_scan_internal_internal
kibana_scan_external_internal
kibana_scan_internal_external
kibana_scan_internal_internal
ldap_scanning_inside_to_outside
ldap_scanning_internal
ldap_scanning_outside_to_inside
local_zone_enumeration
mesvcdesk_scan_external_internal
mesvcdesk_scan_internal_external
mesvcdesk_scan_internal_internal
mongodb_scan_external_internal
mongodb_scan_internal_external
mongodb_scan_internal_internal
msmq_tcp_scan_external_internal
msmq_tcp_scan_internal_external
msmq_tcp_scan_internal_internal
msmq_udp_scan_external_internal
msmq_udp_scan_internal_external
msmq_udp_scan_internal_internal
mssql_scan_external_internal
mssql_scan_internal_external
mssql_scan_internal_internal
mysql_scan_internal_external
mysql_scan_internal_external
mysql_scan_internal_internal
neo4j_scan_external_internal
neo4j_scan_internal_external
neo4j_scan_internal_internal
nmapfingerprint
ping_scan_ext-int
ping_scan_int-ext
ping_scan_int-int
pop3_scan_external_internal
pop3_scan_internal_external
pop3_scan_internal_internal
port_1433_scanning_internal
port_1433_scanning_outbound
port_445_scanning_internal
port_445_scanning_outbound
port_62078_scanning_outbound
port_8443_scanning_internal
port_8443_scanning_outbound
portscan
psql_scan_external_internal
psql_scan_internal_external
psql_scan_internal_internal
qualys_scanning
rdp_scanning_inside_to_outside
rdp_scanning_internal
rdp_scanning_outside_to_inside
redis_scan_external_internal
redis_scan_internal_external
redis_scan_internal_internal
rockwellics_tcp_scan_external_internal
rockwellics_tcp_scan_internal_external
rockwellics_tcp_scan_internal_internal
rockwellics_udp_scan_external_internal
rockwellics_udp_scan_internal_external
rockwellics_udp_scan_internal_internal
rstscan
scanner_rwth_aachen_univ
shadowserver_scanning
shodan_scanners
smartinst_scan_external_internal
smartinst_scan_internal_external
smartinst_scan_internal_internal
ssh_scan_internal_external
ssh_scan_internal_internal
synscan_external_internal
synscan_internal_external
synscan_internal_internal
teamviewer_inside_to_outside
teamviewer_out_to_inside
teamviewer_scanning_internal
veeam_scan_external_internal
veeam_scan_internal_external
veeam_scan_internal_internal
vnc_scanning_inside_to_outside
vnc_scanning_internal
vnc_scanning_outside_to_inside
weblogic_scan_external_internal
weblogic_scan_internal_external
weblogic_scan_internal_internal
xmastree
System
clocksync
flowrate
noflow
Threat Intelligence
Detection Categories
Dashboards
About Dashboards
System Dashboards
Bandwidth Management
Flow Outages
Peering Analytics
Audit Log Activity
DNS Overview
Initial Home
Network Overview
Response Integration Blocks
Security Overview
Traffic Overview
Manage Dashboards
Custom Dashboards
Add a Dashboard
Edit Dashboard Settings
Edit a Dashboard
Schedule Dashboard
About Widgets
About Widget Containers
Manage Widgets
Add a Widget
Edit a Widget
Copy a Widget
Delete Widget
Widget Categories & Widget Types
Using the Fusion Portal
Events
Settings
About Settings
Account
Overview
Billing
Audit Logs
Customers
Manage Customers
My Profile
Details
Personalization
Activity
Security
User Management
API Keys
Add API Key
API Shared Secret
Roles
Add Role
Edit Role
Global Security/SSO Page
SSO with GSuite
SSO with Auth0
SSO with Okta
SSO with PingOne
Data Management
Traffic Sources
Context Integrations
Context Labels
Flow Tags
Traffic Classification
Netography Query Language
NQL Overview and Syntax
NQL Quick Reference Guide
NQL Keywords
NQL Presets
NQL Examples
How to find available NQL fields
🎥 Video: NQL in 10 Minutes
Netoflow connector
About NetoFlow
🏁 Quickstart: Run NetoFlow
Install NetoFlow (container)
Install NetoFlow (Linux package)
Configure NetoFlow
Reading statistics from NetoFlow API
Security Considerations
Netofuse
About NetoFuse
Get Started
Install
Run NetoFuse
Scheduling NetoFuse
NetoFuse Modules
Axonius
Claroty
Device42
Local File
Microsoft
RunZero
Tanium
Tenable
Wiz
Custom Modules
Configure NetoFuse
NetoFuse CLI
NetoFuse Context Transforms
Security Considerations
Diagram: GCP Integration to Fusion
Suggest Edits
Updated 5 months ago
