RiskIQ Threat Enrichment is Generally Available with ElastiFlow 5.1

By: The ElastiFlow Team

April 29, 2021

New Features

  • The RiskIQ integration, which enriches flow records with threat details and autonomous system attributes, is now generally available and can be used in large-scale production environments.

  • The Elasticsearch output can now set index.lifecycle.rollover_alias when it is used with Elastic's X-Pack ILM rollover features. The configuration option is EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ILM_ROLLOVER_ALIAS.

Update June 2024: Since publishing this post, ElastiFlow has launched NetIntel, a product that enhances and enriches flow data with significantly more threat intelligence information. NetIntel leverages our global deployment of proprietary network traffic sensors and ML-based analytics. RiskIQ will no longer be supported by Microsoft as of July 2024.
