Analytics with AWS VPC Flow Logs
To provide better support for network security, we’re introducing Flow Logs monitoring for the Amazon Virtual Private Cloud.
What are VPC Flow Logs?
VPC Flow Logs is a feature that enables you to capture information on the IP traffic moving to and from network interfaces in your VPC.
The information captured includes details on:
Allowed and Denied traffic (based on security group and network ACL rules)
Source and Destination IP addresses
IANA protocol number
Packet and Byte counts
Time interval for observing the flow
Action (ACCEPT or REJECT)
Why are Flow Logs important?
With all traffic logged, root cause analysis (RCA) can reveal malicious traffic moving around your network. Flow Logs also help system analysts identify latencies, estimate performance baselines, and tweak system performance. Flow Logs can reveal flow duration and latency, and bytes transferred, which allows users to quickly identify performance issues and deliver a better user experience.
How We Help
Customized dashboards for real-time traffic flows
Enrichment of captured traffic data with a layer of built-in threat intelligence
Customized heat maps, widgets, reports, and notification features based on threshold values of network parameters
Easy-to-implement use cases, as per security, business, and user requirements
Incoming traffic from known malicious sources
A chart or a widget that gives a clear view of the known malicious sources from an external threat feed in the last 24 hours.
A geographic representation of the different types of malicious activity encountered within the VPC infrastructure in the last 24 hours and the countries it originates from.
Top 10 hosts sending outbound traffic
View outbound network activity for the top 10 source IP addresses, over the last 24 hours.
Inbound network activity
View the overall inbound network activity for the source host IP address, over the last 24 hours.
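The fields listed above and the "Top 10 hosts sending outbound traffic" view can be reproduced directly from raw records. The following is an added example, not code from this product: it parses the default (version 2) flow log line format and ranks internal sources by bytes sent out of the VPC. The sample records, the VPC CIDR 10.0.0.0/16, and the function names are constructed for illustration; because the default format has no direction field, outbound is inferred from the assumed CIDR.

```python
import ipaddress
from collections import Counter

# Constructed sample records, default (version 2) format: version account-id interface-id
# srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
SAMPLE = """\
2 123456789012 eni-0a1b2c3d 10.0.1.5 198.51.100.7 44321 443 6 20 4000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.5 198.51.100.7 44322 443 6 10 2500 1700000060 1700000120 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.2.9 203.0.113.20 51000 53 17 2 150 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.99 10.0.1.5 40000 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.9 50000 5432 6 8 900 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def parse(text):
    """Yield one dict per record; skip malformed lines and NODATA/SKIPDATA."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or parts[-1] != "OK":
            continue
        rec = dict(zip(FIELDS, parts))
        for key in ("packets", "bytes", "start", "end"):
            rec[key] = int(rec[key])
        yield rec

def top_outbound(records, vpc_cidr, n=10):
    """Top n internal sources by accepted bytes sent outside vpc_cidr."""
    net = ipaddress.ip_network(vpc_cidr)
    totals = Counter()
    for r in records:
        src = ipaddress.ip_address(r["srcaddr"])
        dst = ipaddress.ip_address(r["dstaddr"])
        if r["action"] == "ACCEPT" and src in net and dst not in net:
            totals[r["srcaddr"]] += r["bytes"]
    return totals.most_common(n)

def rejected_inbound(records, vpc_cidr):
    """Count REJECT records per source address outside vpc_cidr."""
    net = ipaddress.ip_network(vpc_cidr)
    return Counter(r["srcaddr"] for r in records if r["action"] == "REJECT"
                   and ipaddress.ip_address(r["srcaddr"]) not in net)

if __name__ == "__main__":
    recs = list(parse(SAMPLE))
    print(top_outbound(recs, "10.0.0.0/16"), rejected_inbound(recs, "10.0.0.0/16"))
```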