To perform a complete investigation and analysis of a security event, you might want to monitor the entire network activities in detail. Sentinel leverages ArcSight SmartConnectors that help you monitor your enterprise network by collecting IP Flow data (NetFlow, IPFIX, JFlow, sFlow, and so on) in your network. SmartConnectors collect IP Flow data from network devices such as routers, switches, and firewalls.
IP Flow data describes basic information about all the network connections between hosts, including transmitted packets and bytes. This helps you to visualize the behavior of individual hosts or the entire network.