Network Behavior Analytics for Splunk: TCP Flags & Connection Direction
Improvement
Network Behavior Analytics for Splunk now forwards TCP flags from your network logs, giving AlphaSOC greater visibility into each connection.
- TCP flags included — Where present in your data (e.g. VPC flow logs), the `tcp_flags` field is now forwarded to AlphaSOC alongside existing network data.
- Connection direction — AlphaSOC uses TCP flags to derive connection state and direction, enabling clearer distinction between incoming and outgoing traffic and reducing false positives.
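
One way connection direction can be derived from forwarded TCP flags, as an added example (not AlphaSOC's or the app's own logic). It assumes the flag bitmask used by AWS VPC flow logs (FIN 1, SYN 2, RST 4, SYN-ACK 18), hypothetical `src_ip` / `dest_ip` field names, an assumed internal range of 10.0.0.0/8, and constructed sample records.

```python
from ipaddress import ip_address, ip_network

# TCP flag bits as they appear in the AWS VPC flow log bitmask
# (the logs report FIN=1, SYN=2, RST=4, SYN-ACK=18; values are OR-ed per window).
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

# Assumption: the address space treated as "ours".
INTERNAL = [ip_network("10.0.0.0/8")]

def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL)

def initiator(record):
    """Return which side opened the connection: 'src', 'dest' or None."""
    flags = int(record["tcp_flags"])
    if not flags & SYN:
        return None  # no handshake packet in this record, so it cannot tell
    # SYN+ACK is the listener's reply: the record's source is the server side.
    return "dest" if flags & ACK else "src"

def direction(record):
    """Classify a record as incoming, outgoing, internal, external or unknown."""
    who = initiator(record)
    if who is None:
        return "unknown"
    client_key, server_key = ("src_ip", "dest_ip") if who == "src" else ("dest_ip", "src_ip")
    client_in = is_internal(record[client_key])
    server_in = is_internal(record[server_key])
    if client_in and not server_in:
        return "outgoing"
    if server_in and not client_in:
        return "incoming"
    return "internal" if client_in else "external"

# Constructed sample records (hypothetical field names src_ip / dest_ip).
SAMPLES = [
    {"src_ip": "10.0.1.5", "dest_ip": "203.0.113.10", "tcp_flags": 2},    # SYN
    {"src_ip": "203.0.113.10", "dest_ip": "10.0.1.5", "tcp_flags": 18},   # SYN-ACK reply
    {"src_ip": "198.51.100.7", "dest_ip": "10.0.2.9", "tcp_flags": 3},    # SYN+FIN
    {"src_ip": "10.0.2.9", "dest_ip": "198.51.100.7", "tcp_flags": 19},   # SYN-ACK+FIN
    {"src_ip": "198.51.100.7", "dest_ip": "10.0.2.9", "tcp_flags": 1},    # FIN only
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["src_ip"], "->", rec["dest_ip"], rec["tcp_flags"], direction(rec))
```

The second sample record is the case that matters: judged by addresses alone it looks like inbound traffic from an external host, but the SYN-ACK marks it as the reply to an outgoing connection.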
