# NetFlow Security

> Guide to integrate and utilize OneFirewall's NetFlow Security Analysis API

**NetFlow Security Analysis** is a cutting-edge sub-product of **OneFirewall Alliance**, built to provide **real-time network metadata analysis**. It offers visibility into **allowed** and **blocked** traffic at your organization's perimeter — giving you a proactive edge in identifying potentially malicious activity that bypassed traditional security controls.

> OneFirewall leverages proprietary threat intelligence from its Cybersecurity Alliance to detect **previously allowed traffic** that has since been identified as **malicious**.

***

## 🔐 Getting Started

To begin using **NetFlow Security Analysis**, follow the steps below:

### 1. Account and Licensing

* Ensure you have an active **OneFirewall account** (on-prem or cloud).
* Verify that your account includes:
  * A **valid license** for NetFlow Security Analysis.
  * Proper **permissions** to access API functionalities.

❗ If you don’t have access, please reach out to **OneFirewall Support**.

### 2. Generate Your API Token

Once you have access:

* Navigate to your **profile settings** on the OneFirewall platform.
* Generate an **API token** which will be used to authorize your requests.

***

## 📡 Sending Network Metadata

To send traffic data for analysis, use the following API endpoint:

### POST Request

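```python
import os

import requests

url = "https://app.onefirewall.com/api/v1/poc_traffic/direct"

# One flow record as reported by the perimeter device
payload = {
    "firewall": "fortinet",
    "direction": "inbound",
    "dst_ip": "192.168.0.1",
    "service": "org1",
    "src_port": 3435,
    "dst_port": 443,
    "src_ip": "94.22.73.32",
    "action": "Allow",
}
headers = {
    # API token generated in your profile settings. It is read from the
    # environment (the variable name is an example) instead of being hard-coded.
    "Authorization": os.environ["ONEFIREWALL_API_TOKEN"],
    "Content-Type": "application/json",
}

# json= serializes the payload; the timeout keeps the call from hanging
response = requests.post(url, headers=headers, json=payload, timeout=10)

print(response.status_code, response.text)
```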

* `firewall`: Name of your firewall or IPS
* `direction`: `inbound` or `outbound`
* `src_ip` / `dst_ip`: Source and destination IPv4 addresses
* `src_port` / `dst_port`: Source and destination port numbers
* `service`: Human-readable name of the service
* `action`: `Allow` or `Deny`

#### Response Codes

* 200 OK – Request accepted
* 201 Created – Resource created and queued for analysis
* 4xx – Error in request (e.g., malformed payload or invalid token)

#### ⏱️ Rate Limiting

You can send multiple requests, but be aware of the following limits:

* 🔄 150 requests per 10 seconds
* Requests beyond this rate will be throttled or rejected
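
The field formats and the 150-requests-per-10-seconds limit above can be enforced on the client before anything is sent. The following is an added example, not OneFirewall's own code: `validate_record`, `SlidingWindowLimiter`, `send_batch` and the caller-supplied `post` function are hypothetical names, and pacing with a sliding window is an assumption about how to stay under the limit.

```python
import ipaddress
import time
from collections import deque

MAX_REQUESTS, WINDOW_SECONDS = 150, 10.0  # documented limit: 150 requests per 10 s
ENUMS = {"direction": ("inbound", "outbound"), "action": ("Allow", "Deny")}

def validate_record(rec):
    """Return the names of fields that do not match the documented format."""
    bad = [k for k, allowed in ENUMS.items() if rec.get(k) not in allowed]
    for key in ("src_ip", "dst_ip"):
        try:  # only IPv4 strings are accepted; anything else is flagged
            ipaddress.IPv4Address(rec[key] if isinstance(rec.get(key), str) else "")
        except ValueError:
            bad.append(key)
    bad += [k for k in ("src_port", "dst_port")
            if type(rec.get(k)) is not int or not 0 <= rec[k] <= 65535]
    return bad

class SlidingWindowLimiter:
    """Client-side pacing: at most `limit` sends in any `window` seconds."""
    def __init__(self, limit=MAX_REQUESTS, window=WINDOW_SECONDS,
                 clock=time.monotonic, sleep=time.sleep):
        self.limit, self.window, self.clock, self.sleep = limit, window, clock, sleep
        self.sent = deque()  # timestamps of sends still inside the window

    def acquire(self):
        """Wait until one more request fits; return the seconds waited."""
        now, waited = self.clock(), 0.0
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()
        if len(self.sent) >= self.limit:
            waited = self.window - (now - self.sent[0])
            self.sleep(waited)   # after this the oldest send has aged out
            self.sent.popleft()
            now = self.clock()
        self.sent.append(now)
        return waited

def send_batch(records, post, limiter):
    """Validate, pace and send records; `post` is a caller-supplied sender (hypothetical)."""
    sent, rejected = 0, []
    for rec in records:
        bad = validate_record(rec)
        if bad:
            rejected.append((rec, bad))  # keep malformed records out of the request budget
            continue
        limiter.acquire()
        post(rec)
        sent += 1
    return sent, rejected
```

Pass a function that wraps the POST request shown earlier as `post`; records returned in `rejected` never consume part of the request budget.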

### 📊 View Live Reports

After sending the traffic metadata, you can monitor results live:

1. Go to [https://app.onefirewall.com](https://app.onefirewall.com)
2. Navigate to the Live section
3. View real-time analysis and threat assessments

<img src="https://mintcdn.com/onefirewall/7guFu20M_sXWrG3T/images/report1.png?fit=max&auto=format&n=7guFu20M_sXWrG3T&q=85&s=9d5cfc202fd7b5bdb2e4e9a4780c9456" width="2820" height="1162" data-path="images/report1.png" />

<img src="https://mintcdn.com/onefirewall/7guFu20M_sXWrG3T/images/report2.png?fit=max&auto=format&n=7guFu20M_sXWrG3T&q=85&s=ae893bc9b540c374657172278bab28a5" width="2808" height="1192" data-path="images/report2.png" />

<img src="https://mintcdn.com/onefirewall/7guFu20M_sXWrG3T/images/report3.png?fit=max&auto=format&n=7guFu20M_sXWrG3T&q=85&s=679988305b40452ee816e621b5645d78" width="2818" height="748" data-path="images/report3.png" />

### 🧠 Why Use OneFirewall?

According to the OneFirewall Value Proposition Report, NetFlow Security Analysis helps your organization:

1. ✅ Detect malicious activity that slipped past traditional security layers
2. ✅ Gain visibility into blocked and allowed traffic across your perimeter
3. ✅ Leverage global threat intelligence from the Cybersecurity Alliance
4. ✅ Strengthen your zero-trust strategy with data-driven insights
