For Network IPS appliances, configure the collection of flow data to measure and investigate the amount and type of traffic on a network. The appliance sends the flow data to an external event collector.
Navigating in the Network IPS Local Management Interface:
Navigating in the SiteProtector™ system: select the Remote Flow Data Collection policy
The appliance receives flow data information from PAM in the form of PAMFlow. The appliance converts the PAMFlow data into the Internet Protocol Flow Information Export format (IPFIX). This conversion enables the appliance to send the flow data information to an external event collector. The appliance catalogs flow data by IP addresses (source and destination) and by port numbers.
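To check what a collector actually receives, the following added example (not IBM's code and not part of the original page) decodes an IPFIX message per RFC 7011 and extracts the address and port fields by which flows are cataloged. The template layout and the `SAMPLE` bytes are constructed assumptions; the template the appliance really exports is not documented here, and `parse_ipfix`, `read_templates` and `read_records` are hypothetical helper names.

```python
import ipaddress
import struct

# IANA IPFIX information element IDs for the address/port flow key.
FIELDS = {8: "src_ip", 12: "dst_ip", 7: "src_port", 11: "dst_port", 4: "protocol", 1: "octets"}
# Constructed sample (not captured from an appliance): header, template set, data set.
SAMPLE = bytes.fromhex(
    "000a0045 00000000 00000001 00000000"
    "00020020 01000006 00080004 000c0004 00070002 000b0002 00040001 00010004"
    "01000015 c000020a c6336407 c00001bb 06 000005dc")

def parse_ipfix(msg, templates):
    """Decode one IPFIX message (RFC 7011) into a list of flow dicts."""
    if len(msg) < 16 or struct.unpack_from("!HH", msg) != (10, len(msg)):
        raise ValueError("bad version or length field")
    flows, off = [], 16  # sets start after the 16-byte message header
    while off + 4 <= len(msg):
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > len(msg):
            raise ValueError("set length out of bounds")
        body = msg[off + 4:off + set_len]
        if set_id == 2:  # template set
            read_templates(body, templates)
        elif set_id in templates:  # data set for a template seen earlier
            flows.extend(read_records(body, templates[set_id]))
        off += set_len
    return flows

def read_templates(body, templates):
    pos = 0
    while pos + 4 <= len(body):
        tid, count = struct.unpack_from("!HH", body, pos)
        if tid < 256 or pos + 4 + 4 * count > len(body):
            break  # set padding or truncated record
        spec = [struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(count)]
        if count == 0 or any(ie & 0x8000 or flen in (0, 0xFFFF) for ie, flen in spec):
            raise ValueError("withdrawal, enterprise or variable-length field not handled")
        templates[tid] = spec
        pos += 4 + 4 * count

def read_records(body, spec):
    size = sum(flen for _, flen in spec)  # fixed record size, > 0 after template checks
    for start in range(0, len(body) - size + 1, size):
        rec, pos = {}, start
        for ie, flen in spec:
            raw, pos = body[pos:pos + flen], pos + flen
            if ie in FIELDS:
                rec[FIELDS[ie]] = str(ipaddress.IPv4Address(raw)) if ie in (8, 12) else int.from_bytes(raw, "big")
        yield rec
```

Keep the `templates` dictionary per exporter across messages, because a data set can only be decoded after its template has been seen.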
The appliance sends events to the system log if there are errors with the flow data policy. You can find the system log at
This feature was tested with the QRadar® SIEM developed by Q1 Labs®. You must update the QRadar SIEM to the newest version for some integration features to work. For more information, go to http://q1labs.com. Q1 Labs customers can go to http://partners.q1labs.com and sign in to DocCentral to view the documentation.