cloud-security

VPC Flow Logs

Definition

VPC Flow Logs capture metadata about IP traffic flowing through network interfaces in an AWS VPC, Azure VNet, or GCP VPC, recording source and destination IPs, ports, protocol, bytes transferred, and accept/reject decisions. Security teams analyze flow logs to detect unusual traffic patterns, identify lateral movement between subnets, and investigate data exfiltration.

Flow logs are a critical data source for network-based threat detection and are often streamed to SIEM platforms for correlation with other log sources.

Related Terms

CloudTrail

AWS CloudTrail

SIEM

Security Information and Event Management

NACLs

Network Access Control Lists

← Back to Glossary

Ship secure code faster

Crash Override integrates security into the developer workflow. No context switching, no waiting on reviews.

Talk to a Human See the Product