The current NetFlow support allows for aggregates, but not the ability to run searches that return full flow details. If you want to know all the traffic that went from host A to host B, and see the ports, the volume of data transferred, the reason for teardown on a TCP session, etc., you need full details. Today we get this data by capturing full session logs from firewalls, which is not efficient.

The ability to apply data maps to those netflow sessions, so if you have a watch list you can trigger actions based on flow data.
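As an added illustration of the two capabilities requested above (this is example code, not part of the original request or any product), the script below keeps NetFlow-style records with full detail, answers a "host A to host B" query with ports, bytes and the TCP teardown reason derived from the cumulative flag bits, and applies a watch list of IPs/CIDRs to every flow, invoking an action on a hit. The field names, the sample flows and the watch-list entry are constructed assumptions for illustration.

```python
"""
Added example (not from the original feature request): a minimal flow
store that (1) returns full per-flow detail for a src->dst pair, including
ports, bytes and how the TCP session ended, and (2) applies a watch list
to each flow and triggers an action on a match.
Field names and sample values are assumptions for illustration.
"""
import ipaddress
from dataclasses import dataclass

# TCP flag bits as carried in the NetFlow v5/v9 tcp_flags field
TCP_FIN, TCP_SYN, TCP_RST = 0x01, 0x02, 0x04


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    sport: int
    dport: int
    proto: int       # 6 = TCP, 17 = UDP
    bytes: int
    packets: int
    tcp_flags: int   # cumulative OR of all TCP flags seen in the flow


def teardown_reason(flow: Flow) -> str:
    """Explain how a TCP session ended from its cumulative flag bits."""
    if flow.proto != 6:
        return "n/a (not TCP)"
    if flow.tcp_flags & TCP_RST:
        return "reset (RST)"
    if flow.tcp_flags & TCP_FIN:
        return "graceful close (FIN)"
    if flow.tcp_flags & TCP_SYN:
        return "no teardown seen (SYN only; timed out or still open)"
    return "unknown"


def query_flows(flows, src, dst):
    """Full flow detail for traffic from src to dst; an aggregate cannot give this."""
    return [
        {"src": f.src, "dst": f.dst, "sport": f.sport, "dport": f.dport,
         "proto": f.proto, "bytes": f.bytes, "packets": f.packets,
         "teardown": teardown_reason(f)}
        for f in flows if f.src == src and f.dst == dst
    ]


def apply_watchlist(flows, watchlist, action):
    """Call action(flow, matched_entry) for every flow whose src or dst is on the watch list.

    Returns the list of (flow, matched_entry) pairs so callers can audit what fired.
    """
    nets = [ipaddress.ip_network(w) for w in watchlist]
    hits = []
    for f in flows:
        for addr in (f.src, f.dst):
            ip = ipaddress.ip_address(addr)
            match = next((n for n in nets if ip in n), None)
            if match is not None:
                action(f, str(match))
                hits.append((f, str(match)))
                break  # one action per flow even if both ends are listed
    return hits


# Constructed sample flows (not real traffic)
SAMPLE_FLOWS = [
    Flow("10.1.1.5", "10.2.2.9", 51234, 443, 6, 8_200, 14, TCP_SYN | TCP_FIN),
    Flow("10.1.1.5", "10.2.2.9", 51235, 22, 6, 1_100, 6, TCP_SYN | TCP_RST),
    Flow("10.1.1.5", "10.2.2.9", 51236, 53, 17, 120, 2, 0),
    Flow("10.3.3.3", "10.2.2.9", 40000, 445, 6, 30_000, 40, TCP_SYN),
    Flow("10.1.1.5", "10.4.4.4", 40001, 80, 6, 500, 4, TCP_SYN | TCP_FIN),
]

# Constructed watch list, e.g. a subnet under investigation
WATCHLIST = ["10.3.3.0/24"]


def count_watchlist_hits(flows=SAMPLE_FLOWS, watchlist=WATCHLIST) -> int:
    """Number of flows that triggered the watch-list action."""
    fired = []
    apply_watchlist(flows, watchlist, lambda f, m: fired.append((f, m)))
    return len(fired)


if __name__ == "__main__":
    # Full detail for host A -> host B
    for row in query_flows(SAMPLE_FLOWS, "10.1.1.5", "10.2.2.9"):
        print(row)

    # Watch-list driven action: here just an alert line, in a SIEM it would open an offense
    def alert(flow, entry):
        print(f"ALERT watch-list {entry}: {flow.src}:{flow.sport} -> "
              f"{flow.dst}:{flow.dport} bytes={flow.bytes}")

    apply_watchlist(SAMPLE_FLOWS, WATCHLIST, alert)
```

The teardown reason is derived only from the cumulative flag bits the exporter records, so a flow that was cut off by an active timeout shows as "SYN only"; a real deployment would also want the flow start/end timestamps to distinguish a timed-out session from one still open.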

Comments

  • Yes, the requested feature is a *must* for any modern SIEM product. My customers have also highlighted the same multiple times.

  • I'm also running into this "lack of full netflow support" problem quite often with customers. Full Netflow support is a basic and key feature in SIEM products nowadays.