Security visibility and analytics for Aviatrix Distributed Cloud Firewall in Splunk. Provides CIM-compliant field extractions and six pre-built dashboards for SIEM/SOC teams monitoring multi-cloud network security.
Dashboards included:
- Security Overview: Executive security posture with KPIs, threat timeline, top blocked destinations, and gateway block rates
- Traffic Analysis: L4/L7/FQDN traffic patterns, top sources/destinations, and protocol breakdown
- Threat Detection: IDS alert severity, Suricata signature analysis, and source/destination correlation
- Policy Enforcement: L7 policy hits, allow/deny ratios, and domain analysis
- Gateway Health: CPU, memory, disk, and network throughput monitoring per gateway
- Audit Trail: Controller API changes, user activity, and success/failure tracking
Supported log types:
- Aviatrix Cloud Firewall L4 micro-segmentation logs
- Aviatrix Cloud Firewall L7 TLS/SNI inspection logs
- Aviatrix Cloud Firewall IDS alerts (EVE JSON)
- Gateway network and system statistics
- Cloud Native Security Fabric API audit logs
CIM data models supported: Network Traffic, Intrusion Detection, Change Analysis
Requires the companion TA-aviatrix add-on for field extractions and CIM compliance. Logs are ingested via the Aviatrix SIEM Connector using Splunk HEC (HTTP Event Collector).