YAF (NetFlow)

The YAF (yet another flowmeter) data source ingests NetFlow data into Cloudera Cybersecurity Platform (CCP).

Not everyone wants to ingest pcap data due to space constraints and the load exerted on all infrastructure components. NetFlow, while not a substitute for pcap, is a high-level summary of network flows that are contained in the pcap files. If you do not want to ingest pcap, then you should at least enable NetFlow. CCP uses YAF to generate IPFIX (NetFlow) data from the CCP pcap probe, so the output of the probe is IPFIX instead of raw packets. If NetFlow is generated instead of pcap, then the NetFlow data goes to the generic parsing topology instead of the pcap topology.