
SANS ISC: Favorite *flow tool? - SANS Internet Storm Center SANS ISC InfoSec Forums

Favorite *flow tool?
A general question -- what is your favorite NetFlow tool and why?

What do you get out of the $$ that you don't get from the free ones? (and, I guess, vice-versa)

(to include all the flow telemetry variants: sFlow, Jflow, IPFIX, Flexible Netflow, etc.)


Nfdump: it supports almost all the formats. And the frontend, nfsen, gives you a nice tcpdump-like search syntax. Also, there are some interesting plugins for the front and backend.

joshlinx

4 Posts
We recently deployed Stealthwatch and have been pretty impressed with it. It's fairly simple to set up and I've been happy with the reporting features and different dashboards that you can set up. The only thing I didn't like is that it's licensed by flow count, so you need to have a good idea of how many flows per second you'd generate across your network. I know other flow collectors are licensed by the number of sources they receive flows from, so you'd need to look at what gives you the biggest bang for your buck.


3 Posts
