We are new to NTBA and NS appliances, and are running NS9100 platform with NTBA configured and working. Currently, NTBA is capturing flows from the IPS inline interfaces. This is nice because it tells us more about the traffic we are securing with IPS.
But I would like to send flows from other network appliances such as our firewall and additional edge switches which the IPS is not necessarily inline with. It is my understanding that NTBA can be a flow collector (ala Scrutinizer), but this is not obvious out of the box. Am I correct in understanding this (before I got beating my head figuring out how to configure outside flow collection).
Also, am I correct in saying that the forensic features of digging through flow data is not that powerful w/ NTBA? For example, other netflow tools I have used can allow me to search for hosts and view all the flows related to specific hosts (IP based). I don't see on the RTTA similar search functionality. Instead, a basic dashboard "data dump" is shown (cool but not really what I care about). For me, the value of netflow is being able to investigate a specific host's network activity at a more basic level than PCAP.
I have reviewed the NTBA 8.2 Administrator's Guide but at first the info about collecting 3rd party flows was not jumping out at me. Before I dig deeper into the guide I figured I'd ask the community first if my assumptions are correct that I can point other network equipment to send flows to the NTBA appliance for collection....
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.