23 Replies Latest reply on Nov 22, 2016 7:54 AM by ecan007

    correlation rules based on s-flows

    ecan007

      I have a data source, which only shows flows of network traffic.

      When I try to create a correlation rule based on flows, I don't see any correlation or even alarms (created an alarm based on the use case signature).

      With events I never had any issues, but I have the feeling that with flows it works differently.

       

       


      How do you create correlation rules based on flows?

      (Events are events logged on a system; flows are just network traffic passing by.)

      When I create a correlation rule and select flows, I don't get any results, but flows do come in.

      The data source is s-flow.
