Security visibility and analytics for Aviatrix Distributed Cloud Firewall in Splunk: six pre-built dashboards for SIEM/SOC teams monitoring multi-cloud network security, built on the CIM-compliant field extractions supplied by the companion TA-aviatrix add-on.
Dashboards included:
- Security Overview: Executive security posture with KPIs, threat timeline, top blocked destinations, and gateway block rates
- Traffic Analysis: L4/L7/FQDN traffic patterns, top sources/destinations, and protocol breakdown
- Threat Detection: IDS alert severity, Suricata signature analysis, and source/destination correlation
- Policy Enforcement: L7 policy hits, allow/deny ratios, and domain analysis
- Gateway Health: CPU, memory, disk, and network throughput monitoring per gateway
- Audit Trail: Controller API changes, user activity, and success/failure tracking
Supported log types:
- Aviatrix Cloud Firewall L4 micro-segmentation logs
- Aviatrix Cloud Firewall L7 TLS/SNI inspection logs
- Aviatrix Cloud Firewall IDS alerts (Suricata EVE JSON format)
- Gateway network and system statistics
- Cloud Native Security Fabric API audit logs
CIM data models supported: Network Traffic, Intrusion Detection, Change Analysis
Requires the companion TA-aviatrix add-on, which supplies the field extractions and CIM tagging the dashboards search on; install it wherever those searches run. Logs are ingested via the Aviatrix SIEM Connector, which forwards them to Splunk's HTTP Event Collector (HEC), so a HEC token and input must be configured on the receiving Splunk instance before any dashboard populates.
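To make the ingestion path and the CIM mapping concrete, the following added example (not code from this app, TA-aviatrix, or the Aviatrix SIEM Connector) parses one constructed Suricata-style EVE JSON alert, maps it onto CIM Intrusion Detection field names, checks that the required fields are present, and builds the Splunk HEC request it would be posted in without sending anything. The sample alert, the severity mapping, the "aviatrix:ids" sourcetype, and the vendor_product label are all assumptions; the page does not state the real sourcetypes or extractions.

```python
"""Illustrative EVE JSON -> CIM Intrusion Detection mapping plus a Splunk HEC envelope.

Added example. TA-aviatrix's real extractions and the Aviatrix SIEM Connector's exact
payload are not known here; the input is assumed to follow the standard Suricata EVE layout.
"""
import json
from datetime import datetime

# Constructed sample alert in Suricata EVE JSON layout (not a captured Aviatrix log).
SAMPLE_EVE_ALERT = json.dumps({
    "timestamp": "2024-05-01T12:34:56.789012+0000",
    "event_type": "alert",
    "src_ip": "10.10.1.25",
    "src_port": 51234,
    "dest_ip": "203.0.113.7",
    "dest_port": 443,
    "proto": "TCP",
    "alert": {
        "action": "allowed",
        "gid": 1,
        "signature_id": 2100498,
        "rev": 7,
        "signature": "GPL ATTACK_RESPONSE id check returned root",
        "category": "Potentially Bad Traffic",
        "severity": 2,
    },
})

# Suricata priority (1 = most severe) to the CIM severity vocabulary; assumed mapping.
SEVERITY_MAP = {1: "high", 2: "medium", 3: "low"}

# Fields the CIM Intrusion Detection data model expects on an alert event.
REQUIRED_CIM_FIELDS = ("action", "dest", "src", "severity", "signature", "ids_type", "vendor_product")

# Assumed sourcetype; the page does not give TA-aviatrix's real sourcetype names.
ASSUMED_SOURCETYPE = "aviatrix:ids"


def eve_to_cim(raw: str) -> dict:
    """Parse one EVE JSON line and return CIM Intrusion Detection fields."""
    ev = json.loads(raw)
    if ev.get("event_type") != "alert":
        raise ValueError(f"not an IDS alert: event_type={ev.get('event_type')!r}")
    alert = ev["alert"]
    return {
        # Suricata reports "allowed" or "blocked"; CIM uses the same two values.
        "action": "blocked" if alert.get("action") == "blocked" else "allowed",
        "category": alert.get("category"),
        "signature": alert["signature"],
        "signature_id": alert["signature_id"],
        "severity": SEVERITY_MAP.get(alert.get("severity"), "unknown"),
        "src": ev["src_ip"],
        "src_port": ev.get("src_port"),
        "dest": ev["dest_ip"],
        "dest_port": ev.get("dest_port"),
        "transport": ev.get("proto", "").lower(),
        "ids_type": "network",
        "vendor_product": "Aviatrix Distributed Cloud Firewall",  # assumed label
    }


def missing_cim_fields(mapped: dict) -> list:
    """Names of required CIM fields that are absent or empty after mapping."""
    return [f for f in REQUIRED_CIM_FIELDS if mapped.get(f) in (None, "")]


def eve_timestamp_to_epoch(ts: str) -> float:
    """Convert Suricata's '...+0000' timestamp to the epoch seconds HEC's 'time' key takes."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z").timestamp()


def build_hec_request(hec_base_url: str, hec_token: str, raw: str, host: str = "gateway-1"):
    """Return (url, headers, payload) for one HEC event; nothing is sent."""
    ev = json.loads(raw)
    mapped = eve_to_cim(raw)
    missing = missing_cim_fields(mapped)
    if missing:
        raise ValueError(f"event not CIM-complete, missing: {missing}")
    payload = {
        "time": eve_timestamp_to_epoch(ev["timestamp"]),
        "host": host,
        "sourcetype": ASSUMED_SOURCETYPE,
        "event": {**ev, **mapped},  # raw EVE fields and the CIM names side by side
    }
    url = hec_base_url.rstrip("/") + "/services/collector/event"
    headers = {"Authorization": f"Splunk {hec_token}", "Content-Type": "application/json"}
    return url, headers, payload


if __name__ == "__main__":
    url, headers, payload = build_hec_request("https://splunk.example.net:8088", "REPLACE-ME", SAMPLE_EVE_ALERT)
    print(url)
    print(json.dumps(payload, indent=2))
```

The CIM-completeness check is the part worth keeping in a real pipeline: an alert that reaches the index without src, dest or severity still counts as ingested, but it silently drops out of the Threat Detection dashboard's severity and correlation panels.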
Categories
Firewall, Network Security