This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Sflow vs Netflow, how do I configure in RSA log appliance?

RSAAdmin
Beginner
Beginner

‎2014-11-07 12:16 PM

We have over 80% of Brocade switches.  I want to configure sflow in our RSA logging appliance.  How do I do this?  I only see netflow being supported.  Thanks

0 Likes
1 REPLY 1

Anonymous
Not applicable

‎2014-11-07 05:07 PM

Hi Daniel,

 

sFlow is not supported and is currently not on the roadmap.

 

sFlow is sampled, and while very useful for traffic monitoring performance use cases, it isn't ideal for the security use cases that we are trying to address in Security Analytics.  If it is only sending 1 in 10 or 1 in 100 entries, there is a very good chance we would miss a malicious connection.

 

With Netflow we can address cases such as a development machine accessing a finance server or tracking the lateral movement of a threat on the internal network.  We wouldn't be able to address these using sFlow

 

Thanks,

Guy

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.