Network Flow Collection
Overview
At Armor we provide security value, data accessibility, visualizations, and dashboarding for your flow collection requirements. We are able to provide insights into packet count, quantity of data, and security rules which are specific to flow format collection. In addition, the Armor Anywhere Log and Data Management platform is able to store and search native source format logging while processing SIEM events into supported netflow formats.
Many flow collection and ingestion techniques exist and could be supported by the Armor platform. Please speak to sales if you don't see your platform below.
Armor supported platforms for flow log collection:
Enable Flow Collection by Account
Enabling flow collection is required in order to ingest flow data in the Armor SIEM. A flow source will be dedicated to your account in the Armor SIEM to process flow data. You will not be charged until data begins to flow into the Armor SIEM.
Complete the following steps to create a flow source:
1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.
2. Click Log & Data Management.
3. Click External Sources.
4. Click the plus ( + ) sign.
   If you do not have any log sources already created, then click Add a New Log Source.
5. In Endpoint, select the available Armor Endpoint.
6. In Log Source Type, select Flow Logs.
7. In the pop-up window, click Yes, Enable Flows For My Account.
   A message will display at the bottom of the screen, indicating that the flow source has been created.
Flows are now enabled on your account! Pick your flow source and continue your flows setup: