A method for correlating discarded network traffic with network policy events in a network includes receiving a flow record. The flow record includes initial network flow information in a standard flow record format. Discarded network traffic information associated with each network policy is received from a network policy enforcement device. Network traffic is discarded based on a network traffic policy. The received flow record is correlated with the received discarded network traffic information. The discarded network traffic information is encoded into the received flow record based on the correlation while maintaining the initial network flow information to yield an enhanced flow record.