Description
Component(s)
receiver/netflow
Is your feature request related to a problem? Please describe.
The netflow receiver currently captures a subset of the fields supported by the goflow2 package, as outlined in the README. Some of the remaining fields can be useful for security use cases. For example, TCP flags can be used to identify scans and attacks at the transport layer as scanners will sometimes send non-standard TCP flags to probe the network.
Describe the solution you'd like
Looking through the goflow2 proto, I believe these additional fields, such as tcp_flags, are available to be included. I do not have enough hands-on experience with Netflow to know if there are clear groupings that could be used as a way to enable these additional fields, i.e. the proto file groups them as "IP and TCP special flags", but there could be a better naming convention for the config.
Describe alternatives you've considered
No response
Additional context
No response
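The request above motivates the tcp_flags field with scan detection, so here is an added example (not code from the issue, the netflow receiver, or goflow2) of what a consumer would do with it once exported. In NetFlow v9 (field type 6, TCP_FLAGS) and IPFIX (tcpControlBits) the value is the cumulative OR of the flags seen on every packet of the flow, which is the caveat the logic has to respect: a normal completed connection shows SYN, ACK, PSH and FIN together, so SYN+FIN is only suspicious when the flow never carried an ACK. The `FlowRecord` struct, field names and the sample flows are constructed for this example and are not the receiver's schema; the signatures are the classic nmap probe shapes (NULL, XMAS, SYN/FIN, FIN, half-open SYN).

```go
package main

import (
	"fmt"
	"sort"
)

// TCP flag bits as laid out in the TCP header (RFC 9293). goflow2 exports
// tcp_flags as a uint32 holding these bits; NetFlow/IPFIX report the
// cumulative OR over all packets of the flow, not a single segment's flags.
const (
	FIN uint32 = 0x01
	SYN uint32 = 0x02
	RST uint32 = 0x04
	PSH uint32 = 0x08
	ACK uint32 = 0x10
	URG uint32 = 0x20
	ECE uint32 = 0x40
	CWR uint32 = 0x80
)

// FlowRecord is a constructed, minimal stand-in for an exported flow. The
// field names are assumptions for this example, not the receiver's schema.
type FlowRecord struct {
	SrcAddr  string
	DstAddr  string
	DstPort  uint16
	TCPFlags uint32
	Packets  uint64
}

// Classify maps a flow's cumulative TCP flags to a scan signature, or ""
// when the combination is consistent with normal traffic.
func Classify(flags uint32, packets uint64) string {
	if flags == 0 {
		// Every real TCP segment carries at least one flag: NULL scan.
		return "null-scan"
	}
	if flags&ACK != 0 {
		// An ACK means at least part of a handshake happened. Because the
		// flags are cumulative, SYN and FIN legitimately coexist here.
		return ""
	}
	switch {
	case flags&(FIN|PSH|URG) == (FIN | PSH | URG):
		return "xmas-scan"
	case flags&(SYN|FIN) == (SYN | FIN):
		// SYN and FIN are never legitimately set on the same segment.
		return "syn-fin"
	case flags&FIN != 0:
		// A genuine FIN rides on an established connection and carries ACK.
		return "fin-scan"
	case flags == SYN && packets == 1:
		// Heuristic: one SYN with no ACK ever seen is a half-open probe
		// (SYN scan) or a connection the target never answered.
		return "syn-probe"
	}
	return ""
}

type Finding struct {
	Src, Dst  string
	Port      uint16
	Signature string
}

// Suspicious runs Classify over a batch of flows and returns the flagged
// ones ordered by source and port so an alert can aggregate per scanner.
func Suspicious(records []FlowRecord) []Finding {
	var out []Finding
	for _, r := range records {
		if sig := Classify(r.TCPFlags, r.Packets); sig != "" {
			out = append(out, Finding{r.SrcAddr, r.DstAddr, r.DstPort, sig})
		}
	}
	sort.Slice(out, func(i, j int) bool {
		if out[i].Src != out[j].Src {
			return out[i].Src < out[j].Src
		}
		return out[i].Port < out[j].Port
	})
	return out
}

// SampleFlows is constructed input (not real capture data): two normal
// connections (one closed with RST), five probes, and one retried SYN.
var SampleFlows = []FlowRecord{
	{"10.0.0.5", "10.0.1.20", 443, SYN | ACK | PSH | FIN, 42},
	{"10.0.0.5", "10.0.1.20", 80, SYN | ACK | PSH | FIN | RST, 17},
	{"198.51.100.7", "10.0.1.20", 22, 0, 1},               // NULL scan
	{"198.51.100.7", "10.0.1.20", 23, FIN | PSH | URG, 1}, // XMAS scan
	{"198.51.100.7", "10.0.1.20", 25, SYN | FIN, 1},       // illegal SYN+FIN
	{"198.51.100.7", "10.0.1.20", 3389, FIN, 1},           // FIN scan
	{"198.51.100.7", "10.0.1.20", 8080, SYN, 1},           // half-open probe
	{"10.0.0.9", "10.0.1.20", 443, SYN, 3},                // retried SYN, not flagged
}

func main() {
	for _, f := range Suspicious(SampleFlows) {
		fmt.Printf("%-14s -> %s:%-5d %s\n", f.Src, f.Dst, f.Port, f.Signature)
	}
}
```

The ACK gate is the part that matters for flow data as opposed to packet captures; without it the normal 443 flow above would be reported as SYN+FIN. The syn-probe rule is deliberately conservative (a single packet only), since legitimate clients retransmit SYNs to unresponsive hosts and those flows should not page anyone.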