We use CA NFA for netflow collection. Can I forward the collected Netflow data to a SIEM for event correlation and analysis? I'm trying to avoid, per BP, multiple destinations and feeds. We are using McAfee (Nitro) SIEM.
You can use Flow Cloning to forward flows from a harvester to another server; see the tips below or the NFA Admin guide.
Tech Tip: NFA 9.2.1 Flow Cloner Supports Different Destination Port
NFA 9.1.3 Setup Flow Cloner
Another option if the flow cloner doesn't do everything you need is Samplicate (http://eison.net/2012/08/samplicate-this-or-how-to-share-your-netflow/).
On Thu, Feb 5, 2015 at 11:10 AM, Christopher_Walsh <