Fl0wer is an extremely powerful and flexible Network Intelligence software platform conceived to solve network visibility problems and network protection issues, to verify proper usage of company resources and to be used as a network blackbox to track all traffic metadata and solve otherwise unnoticed problems. The Fl0wer platform is structured as a typical client/server solution, with a licensed server data collector (receiving data from Netflow/IPFIX and sFlow V5 flow exporters) and open-source CLI Tools, GUI Client (Fl0werUI) and well documented JSON API to interact and handle data.

It runs on common 64 bit Linux platforms (releases for other Unixes like Solaris, AIX, NetBSD, etc. are available on demand), it is extremely scalable with enterprise class features and performance, has full support for IPv4 and IPv6 and it has an extremely low TCO. It is written in multithreaded C language and can scale both vertically and horizontally. It includes a LUA interpreter that can execute a customizable script for each processed flow.

While its engine is a licensed product, all the data it saves and the JSON API interface are fully documented; CLI Tools and GUI Application are Open Source, allowing for unmatched integrations, customizations and data feeding to Analytics like ELK, Splunk, Graphite or Apache HADOOP, just to name a few. It exploits the power of Netflow V1, V5, V9, IETF/IPFIX and sFlow V5 technologies to achieve its goals. 
No Java, DB or bloatware required.

What can you do with Fl0wer ?

• Setup a full-featured Netflow/IPFIX distributed network monitoring infrastructure in minutes, not days !
• Have a crystal clear bird’s eye view of the traffic on your network with enriched data
• Seamless real-time integration with your favorite Analytics (ELK, Splunk, etc.) or OLAP for meaningful security data lake feeding
• Create a matrix of all flows crossing your network and check if it fits your packet filtering policies
• Have a near-realtime Risk Index on the traffic of your network
• React in near-real timeover traffic matches using the integrated LUA Engine to execute custom or system scripts
• Define policies for VPN, Tunnels, SNMP monitors, DNS, NTP, BGP and SDNs so you can check user compliancy to company policies
• Detect horizontal and vertical network scans inside your network
• Automate checking for TOR or P2P traffic
• Take a network status snapshot for internal or third party investigation
• Make cloud migrations a breeze having a detailed view of IP network traffic matrix
• Automate checks of internal/external network traffic with IP bogons and Bad Reputation IP addresses
• Track network resources usage
• Now with Netflow/IPFIX Traffic Deduplication !
• Build your packet-filtering policies based on facts and be sure to not forget anything

Other Fl0wer Applications ?

The application fields are endless, here are just some ideas.

• Eases network migrations
• Find most used Networks
• Find most used Apps

• Network blackbox
• SIEM Analytics feeder
• Snapshot your network

• BYOD/IoT networks usage
• Check your firewall policy effectiveness
• Find Bandwidth hogs

• Spot unnoticed details
• Full IPv4 and IPv6 support
• React on traffic patterns

What you can do with it:

Control

• Understand what’s happening on your networks in near-realtime*, with full IPv4 and IPv6 support. See last N network flows (Network State Table).
• Track all your network traffic from all your view-points (Netflow Exporters). Get real network visibility over time. Improve your BYOD or IoT security.
• Use the included NPAR engine (Network Probabilistic Application Recognition) to classify all IPv4 and IPv6 traffic in near-realtime with a precision > 90%.
• GeoReference your traffic using advanced MaxMind databases (available separately from MaxMind ).
• Check near-realtime* usage of Social Networks or other Internet/Intranet Applications.
• Detect near-realtime* top-talkers, most used protocols, TOR & P2P usage, most used subnets and more.
• See instantly relationships between IP Addresses (who talks to who).
• Respect your user/customer privacy: no user-contents are analyzed since only the flow metadata is provided as input.
• Use it as a unique tool to help designing packet-filtering rules in existing networks.
• Use it as a unique tool to help network or cloud migrations.
• Let it build a Flow Matrix to match or create your packet-filtering rules.

Analyze

• Discovery of critical devices in your network: Routers, Storage, Web and Mail.
• Use Network snapshots to take an instant view of your network status. Simple, fast, portable, shareable.
• Export your data to anything you want (JSON, CSV, Oracle, SQLite, etc.).
• Petabytes of data ? Use JSON or CSV to feed your favourite Big Data Number Cruncher or SIEM.
• Got some brilliant ideas ? Write your own tool using the JSON API or, if not possible, let’s talk about it !

React

• Use active, user-customizable, action scripts for every flow/template with the integrated LUA Engine. Detect near-realtime* and react immediately if certain types of traffic are matched. Start tracking data exfiltrations.
• Use Traffic Rules for consolidated actions to do on known traffic patterns: detect near-realtime* and alert if certail types of traffic are matched.

Open Data & Tools

• Open Source CLI Tools and GUI Application, JSON API, with full C & Python 3 sources and examples.
• Open Source and scalable binary data format
• Open Source JSON & CSV data formats for easy integration with your favourite tools.
• Pre-built clients are provided for Linux, Windows and Mac OSX.
• Proven & Secure client-server model with TLS 1.2/AES-256 strong encryption, with full IPv6 support, for apps & data.

Affordable

• Field-tested with support for Cisco, Juniper, Palo Alto, Mikrotik, Ubiquiti, Fortinet, Huawei, Checkpoint GAIA, Sophos UTM, pfSense, opnSense, Watchguard, Stormshield, OpenVSwitch, VMWARE ESX & NSX Distributed VSwitch, Citrix XenServer, SoftFlowd, etc.
• Based on proven Industry & Open standards: Netflow V1/V5/V9/IPFIX.
• Available on Linux Debian/Ubuntu and RedHat/CentOS.
• Oracle Solaris, IBM AIX, NetBSD and other ports are available on demand.
• High performance (more than 200000 FPS on a dual Intel X5670 Xeon acting as NPAR collector only).
• Scalable software (runs from an APU2 to large X64 to a multicore Sun SPARC T5220 and more).
• Very low-cost, with an astonishing TCO against competition products.
• No software or license limits, hardware is the limit.

Got some ideas or need something specific ? Let’s get in touch !

You can improve your Netflow/IPFix knowledge on the book “Mastering Network Flow Traffic Analysis” available on Amazon at this link: https://www.amazon.it/dp/9365890268/ref=nosim

Cisco, Palo Alto, Juniper, Intel, MaxMind, Oracle, Netflow, Citrix, PcEngines, SPARC, Ubiquiti, Huawei NETSTREAM, Checkpoint GAIA, Sophos, VMWARE and all other names are properties and trademarks of their respective owners.