NetFlow is a summarized record format for network communication flows that captures metadata about who talked to whom, when, and how much. It matters because security teams often need scalable network visibility without storing every raw packet in full.
What is NetFlow?
Flow telemetry can reveal patterns of scanning, exfiltration, lateral movement, or unusual service usage. It is widely used in security operations because it is lighter than full packet capture while still providing valuable behavioral insight.
What NetFlow Commonly Supports
Common uses include anomaly detection, traffic baselining, network visibility, incident triage, and performance analysis.
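As an added example (not code from the original page), the block below decodes a constructed NetFlow v5 export datagram and runs the kind of scan heuristic the page mentions: one source producing many tiny TCP flows to different ports on the same host. The v5 header and record layout are the real wire format; the addresses, ports and the ten-port threshold are constructed assumptions.

```python
import socket
import struct
from collections import defaultdict

# NetFlow v5 wire layout (big-endian): a 24-byte header followed by 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")             # version, count, uptime, secs, nsecs, seq, engine, sampling
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")  # src, dst, nexthop, ifaces, pkts, bytes, first, last, ports, ...

def ip2int(ip: str) -> int:
    return struct.unpack("!I", socket.inet_aton(ip))[0]

def int2ip(n: int) -> str:
    return socket.inet_ntoa(struct.pack("!I", n))

def parse_v5(datagram: bytes) -> list[dict]:
    """Decode every flow record in one NetFlow v5 export datagram."""
    version, count = V5_HEADER.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("datagram shorter than its record count claims")  # truncated/forged export
    records = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        records.append({"src": int2ip(f[0]), "dst": int2ip(f[1]), "packets": f[5],
                        "bytes": f[6], "sport": f[9], "dport": f[10], "proto": f[13]})
    return records

def scan_suspects(records: list[dict], min_ports: int = 10) -> list[str]:
    """Sources whose tiny TCP flows touched many distinct ports on one host (scan-like pattern)."""
    ports = defaultdict(set)
    for r in records:
        if r["proto"] == 6 and r["packets"] <= 2:  # 1-2 packets: connection attempt, not a session
            ports[(r["src"], r["dst"])].add(r["dport"])
    return sorted({src for (src, _), p in ports.items() if len(p) >= min_ports})

def build_sample() -> bytes:
    """Constructed datagram: one host probing 12 ports on a server, plus two ordinary sessions."""
    def rec(src, dst, sport, dport, pkts, octets):
        return V5_RECORD.pack(ip2int(src), ip2int(dst), 0, 0, 0, pkts, octets, 0, 0,
                              sport, dport, 0, 0x02, 6, 0, 0, 0, 24, 24, 0)  # flags=SYN, proto=TCP
    flows = [rec("10.0.0.5", "10.0.0.20", 40000 + p, p, 1, 60) for p in range(1, 13)]
    flows.append(rec("10.0.0.7", "10.0.0.20", 51000, 443, 120, 98000))
    flows.append(rec("10.0.0.8", "10.0.0.30", 52000, 22, 50, 12000))
    return V5_HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + b"".join(flows)

if __name__ == "__main__":
    flows = parse_v5(build_sample())
    print(f"{len(flows)} flows; scan suspects: {scan_suspects(flows)}")
```

Real collectors apply the same idea with time windows and per-site baselines; the threshold here is only illustrative.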
NetFlow vs. Full Packet Capture
NetFlow summarizes communication metadata. Full packet capture retains the packets themselves, headers and payload content included.
Frequently Asked Questions
Why is NetFlow useful?
Because it scales well and still shows important patterns about communication between systems.
Can NetFlow replace PCAP?
No. It is complementary: great for patterns and triage, but not always enough for deep content-level investigation.