Network flow data

I do like the possibility to gain additional insights into the network with the network sensors.

However, in our environment we have a lot of different locations spread across the world; some sites are big and some extremely small.

For one or another reason, in some of these locations we are not able to put additional hardware - like a server to use as a network sensor.

Would it be possible for IDR to also offer the possibility to ingest regular NetFlow and/or sFlow data from switches and other network devices?
Then it would be possible to forward that data directly from the switch to the IDR Collector without the need for additional hardware.
That would at least be something that my team and I would have a lot of use for.

/Richard

3 Likes

Any response, @rapid7_admin @rapid_seven?

@jclubb @richard_davidsson this is currently not supported by the Network Sensor. We require a raw packet stream, as opposed to NetFlow or sFlow logs flowing into the sensor, to generate IDS alerts and DNS/DHCP records.

Deploying a sensor is the only supported method to achieve this today.