Introducing Universal Data Records
The secret of our speedy integration with Palo Alto Networks firewalls is our new Universal Data Records architecture. With Universal Data Records, we’ve made it even easier to take advantage of the Kentik Data Engine (KDE) data store’s ability to store, unify, and query disparate data types. By mapping KDE’s flexible schema to an even wider set of traffic sources, we can bring new data integrations (vendors, protocols, etc.) to customers faster, giving them actionable insights sooner. This approach has many advantages: it can store vendor-specific flow fields, it offers more capacity for Custom Dimensions, and it can even store non-flow records that don’t contain standard flow fields like IP addresses. That makes it much faster for us to expand the types of data sources ingested into KDE, enabling visibility into a wider range of customer networks and infrastructure.
Using Palo Alto Networks firewalls as an example, with Universal Data Records we can now accept all of the fields included in PAN NetFlow Templates. While most of those fields are IANA IPFIX standard, we also include two vendor-specific fields, App-ID and User-ID (see below), that we previously couldn’t have ingested or stored.
Flow data that identifies applications and users is extremely valuable, and with Universal Data Records our customers can now take full advantage of this data to get a complete end-to-end picture of network activity.