Abstract:
The flow standards NetFlow/IPFIX are implemented in many packet-forwarding devices and permit network monitoring in a scalable fashion. Building on this availability, flow-based intrusion detection has become more prominent, since it integrates seamlessly with operational practice. Exploiting these flow-export techniques, research in recent years has produced promising results, but mainly for point solutions such as botnet or brute-force detection. Only a few attempts have aimed at a general flow-based intrusion detector, so little is known about meaningful flow features and their ability to classify various attack types efficiently. In this paper we work towards these challenges and search for valuable features derivable from NetFlow/IPFIX data using Rough Set Theory. Moreover, the combination of flow features and log events is studied to further boost accuracy. Employing machine learning techniques, the results show that the obtained feature sets detect both classic and modern attacks.
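The abstract does not list the features it evaluates, so the following is an added illustration (not the paper's code or data) of the Rough Set Theory step it describes: computing attribute reducts and the core over a constructed, discretised table of NetFlow-style features (proto, dport, pkts, bpp, dur) with labels assumed here for the sake of the example. Two of the constructed features are deliberately redundant, which is why the example finds two interchangeable reducts.

```python
from itertools import combinations

# Constructed toy decision table (not data from the paper): each row holds
# discretised NetFlow-style features and an assumed decision label.
ATTRS = ["proto", "dport", "pkts", "bpp", "dur"]
FLOWS = [
    ({"proto": "tcp", "dport": 22, "pkts": "low", "bpp": "small", "dur": "short"}, "bruteforce"),
    ({"proto": "tcp", "dport": 22, "pkts": "high", "bpp": "large", "dur": "long"}, "benign"),
    ({"proto": "tcp", "dport": 80, "pkts": "high", "bpp": "large", "dur": "short"}, "benign"),
    ({"proto": "udp", "dport": 53, "pkts": "low", "bpp": "small", "dur": "short"}, "benign"),
    ({"proto": "tcp", "dport": 22, "pkts": "low", "bpp": "small", "dur": "long"}, "bruteforce"),
    ({"proto": "tcp", "dport": 80, "pkts": "low", "bpp": "small", "dur": "short"}, "scan"),
]

def indiscernibility_classes(rows, attrs):
    """Group row indices that are indistinguishable on the chosen attributes."""
    classes = {}
    for i, (feats, _label) in enumerate(rows):
        classes.setdefault(tuple(feats[a] for a in attrs), set()).add(i)
    return list(classes.values())

def positive_region(rows, attrs):
    """Rows whose class is pure, i.e. certainly classifiable from attrs alone."""
    pos = set()
    for cls in indiscernibility_classes(rows, attrs):
        if len({rows[i][1] for i in cls}) == 1:
            pos |= cls
    return pos

def dependency(rows, attrs):
    """Degree gamma(attrs -> decision): share of rows in the positive region."""
    return len(positive_region(rows, attrs)) / len(rows)

def reducts(rows, attrs):
    """Minimal attribute subsets that keep the full set's dependency degree."""
    full = dependency(rows, attrs)
    found = []
    for k in range(1, len(attrs) + 1):
        for subset in combinations(attrs, k):
            if any(r <= frozenset(subset) for r in found):
                continue  # superset of a reduct already found: not minimal
            if dependency(rows, subset) == full:
                found.append(frozenset(subset))
    return found

def core(rows, attrs):
    """Attributes present in every reduct: dropping any of them loses information."""
    return frozenset.intersection(*reducts(rows, attrs))
```

On the constructed table, `dport` alone leaves only one row certainly classifiable, while `{dport, pkts}` and `{dport, bpp}` are both reducts and `dport` is the core.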
Date of Conference: 16-18 May 2017
Date Added to IEEE Xplore: 03 August 2017