Sentinel now leverages ArcSight SmartConnectors that help you monitor your enterprise network by collecting IP Flow data in addition to NetFlow data. SmartConnectors collect IP Flow data as events, which allow you to:
Use existing Collector Managers to collect IP Flow data. You no longer need NetFlow Collector Managers to collect NetFlow data.
Leverage IP Flow data in several areas of Sentinel such as visualizations, event routing, data federation, reports, and correlation.
Apply data retention policies to IP Flow data, which allows you to store this data for the desired duration.
After you upgrade Sentinel, you can either continue to use NetFlow capabilities or choose to configure IP Flow data collection. However, with the availability of IP Flow data collection and visualization capability, the previously available NetFlow capabilities including NetFlow views are now deprecated and will be removed in the future for better user experience.
Once you enable IP Flow data collection:
IP Flow data will be collected as events and therefore are considered for EPS count.
You will lose any NetFlow data collected prior to enabling IP Flow. The deprecated NetFlow system had a maximum retention of 3 days. You can retain the IP Flow events for as long as you need.
You cannot migrate the NetFlow data collected prior to enabling IP Flow into the IP Flow capability.
You cannot revert the configuration unless you re-install Sentinel.
You will be logged out of Sentinel Main and you need to log in again.
To configure IP Flow data collection:
Install and configure the ArcSight SmartConnector. While configuring, ensure that you configure the relevant SmartConnectors that collect IP Flow data.
For information about configuring SmartConnectors, see the Generic Universal CEF Collector documentation on the Sentinel Plug-ins Website.
In Sentinel Main > Collection > IP Flow, select Collect IP Flow data, and then click Enable.
NOTE:Since IP Flow events are now sent to Collector Manager, you no longer need to use NetFlow Collector Managers. Therefore, you can uninstall any existing NetFlow Collector Managers. For more information, see Uninstalling the NetFlow Collector Manager.