1 Reply Latest reply on Jan 17, 2013 11:13 AM by jaimen

    Is it possible to correlate netflow\sflow data?

    artek

      Hello,

       

      is it possible to correlate netflow\sflow data? I am trying to create correlation rule, that should hit when there will be a communication to particular address. For example:

       

      ESM05.PNG

       

      When I send traffic log from my firewall, then rule works, but when information about communication is only available from sFlow\netflow data source - rule does not work.

       

      I am using ESM 9.1.3.

       

      Regards,

      Artur Sadownik