Jump to Content
Docs
API Recipes
API Reference
Release notes
🏁 Quickstart Guides
Log In
Docs
Log In
Moon (Dark Mode)
Sun (Light Mode)
Docs
API Recipes
API Reference
Release notes
🏁 Quickstart Guides
Diagram: GCP Integration to Fusion
Search
🏁 Quick Start
Welcome to Netography Fusion
✋ Need More Help?
Quickstart: AWS
🎥 Video Guides
Create S3 bucket
Create the SNS topic
Create the SQS queue
Subscribe to Amazon SNS topic
Create IAM policy
Create custom role
Create an event notification
Enable VPC flow logs
Add AWS as a new traffic source in Fusion
Add context integration to Fusion
Enable DNS query logging in AWS
Add DNS as a traffic source in Fusion
Quickstart: GCP
Diagram: GCP Integration to Fusion
🎥 Video Guides
Enable VPC flow logs
Create a Pub/Sub topic
Logging sink design patterns
Create a Logging Sink Pub/Sub for the topic
Create a Pub/Sub pull subscription
GCP service account permissions
Add Netography as a principal
Add GCP as a new flow source in Netography Fusion
Add context integration to Fusion
Adding DNS as a Traffic Source
Quickstart: Azure
Set working subscription
Register Microsoft Insights Provider
Create a storage account
Create a flow log
Add Azure VNet as a new flow source in Netography Fusion
Add context integration to Fusion
🎥 Quickstart: Events
🎥 Quickstart: Dashboards
Ingesting Network Traffic Logs
Ingesting Flow Logs to Fusion
Azure NSG Flow Logs Setup
Azure NSG Setup (Resource Manager method)
Azure Virtual network (VNet) Flow Log Setup
AWS VPC via S3 Setup (CloudFormation method)
AWS VPC via S3 Setup (AWS Console method)
AWS S3 Transit Gateway Flow Logs
AWS VPC via Kinesis Setup
GCP VPC Flow Logs via Pub/Sub Setup
IBM Cloud VPC Flow Logs via Cloud Object Storage Setup
Oracle Cloud VCN Flow Logs via Cloud Object Storage Setup
Ingesting DNS Logs to Fusion
Using DNS in Fusion
AWS Route 53 DNS Logs via S3 Setup (Console)
GCP Cloud DNS Logs via Pub/Sub Setup
Ingesting NetFlow & sFlow to Fusion
Ingest NetFlow/sFlow from network devices via direct UDP
Ingest NetFlow/sFlow via the NetoFlow Connector
NetFlow and sFlow
NetoFlow Connector
Enriching Traffic with Context
Configuring Context Integrations
AWS
Axonius
Azure
Claroty
CrowdStrike Falcon Discover
CrowdStrike Falcon Protect
CSV via S3
Device42
GCP
IBM Cloud
Microsoft Defender
Oracle Cloud Infrastructure
RunZero
SentinelOne
Tanium
Tenable
Wiz
Understanding Context Labels
NetoFuse
Automating Response
Automating Response in Fusion
Configuring Response Integrations
AWS Route 53 (Response Integration)
Big Panda
BGP
Blocklist
CrowdStrike
Email
Flowspec
Flowspec (Custom)
Microsoft Teams
NS1
Pagerduty
Panther
Slack
Splunk
Sumo Logic
Twilio
RTBH
Webhook
Syslog
Configuring Response Policies
Response Integration Blocks Dashboard
Detection Models
Detection Models Overview
Detection Model Configuration
Detection Model Quick Reference Guide
Adding a Detection Model
Auto Thresholding
🎥 Building Custom Detection Models in 10 minutes
Threat Intelligence
Detection Categories
Dashboards
About Dashboards
About Widgets
System Dashboards
Bandwidth Management
Flow Outages
Peering Analytics
Audit Log Activity
DNS Overview
Initial Home
Network Overview
Response Integration Blocks
Security Overview
Traffic Overview
Manage Dashboards
Custom Dashboards
Add a Dashboard
Dashboard Page Settings
Add a Widget
Widget Options
Edit a Widget
Edit a Dashboard
Schedule Dashboard
Using the Fusion Portal
Home
Understanding the Portal Layout
Events
Settings
My Profile
User Management
Roles
Password Policy
Multi-Factor Authentication (MFA/2FA)
SAML / SSO
Configuring SSO with Auth0
Configuring SSO with GSuite
Configuring SSO with Okta
Configuring SSO with PingOne
Flow Tags
Traffic Classification
Netography Query Language
NQL Overview and Syntax
NQL Quick Reference Guide
NQL Keywords
NQL Presets
NQL Examples
How to find available NQL fields
🎥 Video: NQL in 10 Minutes
Netoflow connector
About NetoFlow
🏁 Quickstart: Run NetoFlow
Install NetoFlow (container)
Install NetoFlow (Linux package)
Configure NetoFlow
Reading statistics from NetoFlow API
Security Considerations
Netofuse
About NetoFuse
Get Started
Install
Run NetoFuse
Scheduling NetoFuse
NetoFuse Modules
Axonius
Claroty
Device42
Local File
Microsoft
RunZero
Tanium
Tenable
Wiz
Custom Modules
Configure NetoFuse
NetoFuse CLI
NetoFuse Context Transforms
Security Considerations
API
API Reference
Knowledge Base
Detection Models by Category
6in4tunnel
ackflood
alltcpflags
anomalous_traffic_dns
anomalous_traffic_itar
anomalous_traffic_mega
anomalous_traffic_s3
anomalous_traffic_ssh
anydesk_usage
badprotocol
bitcoin_node_internal_external
bittorrent
bittorrent_tracker_internal_external
bittorrent_transfer_external_internal
bittorrent_transfer_internal_external
bittorrent_user
censys_scanning
chargenreflect
cldapreflect
clocksync
codreflection
coinminer_detection
communication_to_bad_rep
communication_to_itar_countries
connectwise_usage
connscan
cups_browsed_external_internal
cups_browsed_internal_external
dcerpc_brute_external_internal
dcerpc_brute_internal_external
dcerpc_brute_internal_internal
dga_suspected
dlp-china
dlp-russia
dns_amplification_participation
dns_lookup_tunneling
dns_query_returned_loopback
dnsattack
dnsreflection
dnstunneling
esxi_internal_slp_scan
ethoverip
external_1801
external_access_of_smb
external_http_beacon
external_https_beacon
external_kerberos_access
external_ldap_access
external_nonhttp_beacon
external_printing_connections
external_snmp_sweep
external_socks5_proxy
external_tcp_12345
external_tcp_4444
external_tcp_44818
external_udp_2222
file-sharing_apple-icloud
file-sharing_dropbox_detection
file-sharing_idrive_detection
file-sharing_mega-service
file-sharing_microsoft-onedrive
file-sharing_wetransfer
fin_flood
flowrate
fortinet_management_external_internal
fortinet_management_internal_internal
ftp_brute_external_internal
ftp_brute_internal_external
ftp_brute_internal_internal
gotoresolve_usage
http_scan_internal_external
http_scan_internal_internal
icmpflood
imap_brute_external_internal
imap_brute_internal_external
imap_brute_internal_internal
interactive_login_bad_rep
interactive_login_itar
internal_snmp_sweep
internal_socks5_proxy
internal_tcp_4444
internal_tor_relay
ip_lookup_attempt
ip_options_abuse
ipfs_usage
ipmi_default_dumphashes
ipmi_scan_external_internal
ipmi_scan_internal_external
ipmi_scan_internal_internal
irctraffic
kerberos_brute_internal_internal
kerberos_scan_external_internal
kerberos_scan_internal_external
kerberos_scan_internal_internal
kerberos_user_enumeration
kerberosting_internal_internal
large_internal_smb_download
largeicmp
ldap_scanning_inside_to_outside
ldap_scanning_internal
ldap_scanning_outside_to_inside
local_zone_enumeration
long_dns_connection
long_inbound_https_bad_rep
memcachereflection
messaging_apple-push
messaging_discord
messaging_disqus
messaging_facebook-messenger
messaging_google-chat
messaging_icq
messaging_infobip
messaging_jpush
messaging_kakaotalk
messaging_kik
messaging_messagebird
messaging_meta-messaging
messaging_pushover
messaging_rocket-chat
messaging_samsung-push
messaging_signal
messaging_sinch
messaging_snapchat
messaging_stream-io
messaging_telegram
messaging_threema
messaging_wechat
messaging_whatsapp
messaging_zalo
mesvcdesk_scan_external_internal
mesvcdesk_scan_internal_external
mesvcdesk_scan_internal_internal
mongodb_brute_external_internal
mongodb_brute_internal_external
mongodb_brute_internal_internal
msmq_tcp_scan_external_internal
msmq_tcp_scan_internal_external
msmq_tcp_scan_internal_internal
msmq_udp_scan_external_internal
msmq_udp_scan_internal_external
msmq_udp_scan_internal_internal
msrdp
mssql_brute_external_internal
mssql_brute_internal_external
mssql_brute_internal_internal
mssqlreflection
mysql_brute_external_internal
mysql_brute_internal_external
mysql_brute_internal_internal
netbiosreflect
nmapfingerprint
noflow
ntpreflect
outbound_6in4tunnel
outbound_database_exfil
outbound_ethoverip
outbound_ftp_traffic
outbound_imap_traffic
outbound_ldap_traffic
outbound_ping
outbound_pop3_traffic
outbound_printing
outbound_rejected_traffic
outbound_smb_spike
outbound_smb_traffic
outbound_snmp_sweep
outbound_tcp_4444
outbound_telnet_traffic
outbound_teredo
outbound_teredo_spike
ping_scan_ext-int
ping_scan_int-ext
ping_scan_int-int
pop3_brute_external_internal
pop3_brute_internal_external
pop3_brute_internal_internal
port_1433_scanning_internal
port_1433_scanning_outbound
port_445_scanning_internal
port_445_scanning_outbound
port_62078_scanning_outbound
port_8443_scanning_internal
port_8443_scanning_outbound
portscan
postgres_brute_external_internal
postgres_brute_internal_external
postgres_brute_internal_internal
psh_flood
qualys_scanning
rdp_external_internal
rdp_internal_external
rdp_scanning_inside_to_outside
rdp_scanning_internal
rdp_scanning_outside_to_inside
rdpbrute_external_internal
rdpbrute_internal_external
rdpbrute_internal_internal
redis_brute_external_internal
redis_brute_internal_external
redis_brute_internal_internal
redis_scan_external_internal
redis_scan_internal_external
redis_scan_internal_internal
registered_ports_ext_int
ripreflection
rockwellics_tcp_scan_external_internal
rockwellics_tcp_scan_internal_external
rockwellics_tcp_scan_internal_internal
rockwellics_udp_scan_external_internal
rockwellics_udp_scan_internal_external
rockwellics_udp_scan_internal_internal
rstflood
rstscan
scanner_rwth_aachen_univ
shadowserver_scanning
shodan_scanners
sinkhole_detection
slpreflection
smartinst_scan_external_internal
smartinst_scan_internal_external
smartinst_scan_internal_internal
smb_brute_external_internal
smb_brute_internal_external
smb_brute_internal_internal
snmpreflection
social_discourse_detection
social_instagram_detection
social_linkedin_detection
social_meta_detection
social_okcupid_detection
social_reddit_detection
social_tiktok_detection
social_tinder_detection
social_twitter_detection
srcdsreflection
ssdpreflect
ssh_external_internal
ssh_scan_internal_external
ssh_scan_internal_internal
sshbrute_external_internal
sshbrute_internal_external
sshbrute_internal_internal
sunrpcreflection
synflood
synscan_external_internal
synscan_internal_external
synscan_internal_internal
tcp_123
tcp_dnstunneling
tcpfrag
tcpnull
teamviewer_inside_to_outside
teamviewer_out_to_inside
teamviewer_scanning_internal
teamviewer_usage
tor_connection_external_internal
tor_connection_internal_external
torrent_usage_detection
tp240_phone_home_reflection_ddos
udpfrag
uncommon_icmp_reject
unusual_open_tcp_ports
unusual_protocol
urg_flood
veeam_scan_external_internal
veeam_scan_internal_external
veeam_scan_internal_internal
vnc_scanning_inside_to_outside
vnc_scanning_internal
vnc_scanning_outside_to_inside
vpn_usage_internal_external
weblogic_scan_external_internal
weblogic_scan_internal_external
weblogic_scan_internal_internal
winrmbrute_external_internal
winrmbrute_internal_external
winrmbrute_internal_internal
wkpsrcdst
xmastree
Diagram: GCP Integration to Fusion
Suggest Edits
Updated about 1 month ago
