What is HEAnet’s Client Netflow Portal?
The Client Netflow Portal is a SaaS application for analysis of network traffic data. It provides clients with graphs and metric dashboards for visualising the following data:
- Graph traffic to/from your network based on CIDR – ‘IP investigation’
- Botnet C&C traffic to/from your network via ‘Threat feed analysis’
- Specific port traffic, e.g. port 3389 traffic, which could indicate compromised Windows RDP
- Traffic destination based on AS numbers/CDNs
You can view the traffic data using a range of different profiling dashboards.
Where does the flow data to the Client Netflow Portal come from?
The netflow data is collected from HEAnet transit/peering routers. The Client Netflow Portal (CNP) architecture is tenanted per client and can scale horizontally or vertically depending on ingestion of flow data and client queries. Each client's flow data is completely segregated in its own tenant.
What traffic data is collected?
Flow data is collected as network packets transit routers on HEAnet’s core. This flow data is then augmented with other data types, correlated and stored in time-series flow records, for example:
- SRC/DST IP address, Protocol, Port, Interface, IPv4/IPv6.
- GeoIP: To identify country, region and city of flow source and destination.
- BGP: Correlated with flow data to extract source and destination AS Path and community information on a per-flow basis to enable features such as Peering Analytics.
The Client Netflow Portal provides a detailed analysis of your network traffic, so you can identify threats and DoS attack vectors, to help you improve security.
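The analyses listed on this page (CIDR-scoped 'IP investigation', threat feed matching, and watching a port such as 3389) can be sketched over flow records carrying the fields above. This is an added example, not HEAnet's portal code; the flow records, the client CIDR and the threat feed entry are constructed and use documentation address ranges.

```python
import ipaddress
from collections import Counter

# Constructed sample flow records using the fields the page lists
# (src/dst IP, protocol, port) plus a byte count; all values are made up
# and use documentation address ranges.
FLOWS = [
    {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 3389, "bytes": 4200},
    {"src": "198.51.100.7", "dst": "192.0.2.11", "proto": "tcp", "dport": 3389, "bytes": 3900},
    {"src": "192.0.2.25", "dst": "203.0.113.50", "proto": "tcp", "dport": 443, "bytes": 880},
    {"src": "192.0.2.30", "dst": "198.51.100.99", "proto": "udp", "dport": 53, "bytes": 120},
    {"src": "203.0.113.9", "dst": "198.51.100.1", "proto": "tcp", "dport": 3389, "bytes": 500},
]
CLIENT_NET = ipaddress.ip_network("192.0.2.0/24")   # assumed client CIDR
THREAT_FEED = {"203.0.113.50"}                      # assumed C&C indicator list


def in_client(ip):
    return ipaddress.ip_address(ip) in CLIENT_NET


def client_flows(flows):
    """'IP investigation': keep flows with either endpoint in the client CIDR."""
    return [f for f in flows if in_client(f["src"]) or in_client(f["dst"])]


def threat_feed_hits(flows):
    """Client flows whose remote endpoint appears in the threat feed."""
    hits = []
    for f in client_flows(flows):
        remote = f["dst"] if in_client(f["src"]) else f["src"]
        if remote in THREAT_FEED:
            hits.append(f)
    return hits


def inbound_port_sources(flows, port=3389):
    """Count inbound flows per external source to a given port on client hosts."""
    return Counter(
        f["src"] for f in flows
        if f["dport"] == port and in_client(f["dst"]) and not in_client(f["src"])
    )


if __name__ == "__main__":
    print(len(client_flows(FLOWS)), "flows touch", CLIENT_NET)
    print("threat feed hits:", threat_feed_hits(FLOWS))
    print("inbound 3389 sources:", inbound_port_sources(FLOWS))
```

A single external source reaching port 3389 on several client hosts, as in the constructed data, is the kind of pattern the port view is meant to surface for follow-up.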
How do I access the data?
You can access stored traffic data through the Client Netflow Portal.