Hello,
is it possible to correlate netflow\sflow data? I am trying to create correlation rule, that should hit when there will be a communication to particular address. For example:
When I send traffic log from my firewall, then rule works, but when information about communication is only available from sFlow\netflow data source - rule does not work.
I am using ESM 9.1.3.
Regards,
Artur Sadownik
1 Solution
Accepted Solutions
You Deserve an AwardDon't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
-
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
- Find Forum FAQs
- Learn How to Earn Badges
- Ask for Help
Join the Community
-
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:
- Get helpful solutions from McAfee experts.
- Stay connected to product conversations that matter to you.
- Participate in product groups led by McAfee employees.
Corporate Headquarters
2821 Mission College Blvd.
Santa Clara, CA 95054 USA