is it possible to correlate netflow\sflow data? I am trying to create correlation rule, that should hit when there will be a communication to particular address. For example:
When I send traffic log from my firewall, then rule works, but when information about communication is only available from sFlow\netflow data source - rule does not work.
I am using ESM 9.1.3.
This will be a feature of 9.2 to be released at the end of this quarter.