Our enterprise is currently using RSA enVision for SIEM. However, enVision does not support NetFlow/sFlow collection. We are evaluating Splunk as a possible SIEM replacement for enVision. However, currently, in order to have Splunk collect NetFlow, there has to be a mid-range application collecting the NetFlow and then writing the flow data to a textual format. Splunk support has said that direct NetFlow collection is in the works and should be available soon. However, to evaluate the NetFlow reporting of Splunk, I will need a mid-range application.
Which brings me to RNA. Our eval server is Windows OS, which rules out all of the free, lightweight Linux flow collection apps. I know Orion RNA would collect flows, but could it also export them on a schedule, or as close to real-time as possible, to a textual format? This would then allow Splunk to read the file to which RNA would be writing the flow data.
Any assistance with this request would be appreciated.
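As an added illustration of the "mid-range application" the poster describes (collector receives flows, writes them as text for Splunk to monitor), here is a minimal NetFlow v5 collector in Python. It is example code written for this page, not code from the poster, SolarWinds, or Splunk. Assumptions: exporters send NetFlow v5 over UDP (port 2055 is the conventional default), Splunk picks up the output file with a file monitor input, and the `key=value` line format is my choice because Splunk extracts such pairs automatically. The sample datagram is constructed inline so the parser can be exercised offline; `run_collector` is the part you would actually leave running on the Windows eval server.

```python
import socket
import struct
import time
from ipaddress import IPv4Address

# NetFlow v5 wire format: a 24-byte header followed by 1..30 fixed 48-byte records,
# all big-endian. Layouts from Cisco's NetFlow v5 export documentation.
HEADER = struct.Struct("!HHIIIIBBH")            # version, count, uptime, secs, nsecs, seq, eng_type, eng_id, sampling
RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")  # 48 bytes per flow record
MAX_RECORDS = 30
RECORD_FIELDS = (
    "src_ip", "dst_ip", "next_hop", "in_if", "out_if", "packets", "bytes",
    "first", "last", "src_port", "dst_port", "pad1", "tcp_flags", "proto",
    "tos", "src_as", "dst_as", "src_mask", "dst_mask", "pad2",
)


def parse_netflow_v5(datagram: bytes) -> list:
    """Decode one UDP datagram into a list of flow dicts.

    NetFlow is unauthenticated UDP, so every length and count is checked against
    the bytes actually received before any record is read; anything inconsistent
    is rejected with ValueError rather than partially decoded.
    """
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, uptime, secs, nsecs, seq, eng_type, eng_id, sampling = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError(f"record count {count} out of range 1..{MAX_RECORDS}")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("datagram length does not match advertised record count")

    export_time = secs + nsecs / 1e9   # exporter's clock at export time
    flows = []
    for i in range(count):
        fields = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        rec = dict(zip(RECORD_FIELDS, fields))
        for key in ("src_ip", "dst_ip", "next_hop"):
            rec[key] = str(IPv4Address(rec[key]))
        rec.pop("pad1"); rec.pop("pad2")          # padding carries no information
        rec["export_time"] = export_time
        rec["exporter_seq"] = seq + i              # gaps here mean dropped exports
        rec["engine_id"] = eng_id
        rec["sampling_interval"] = sampling & 0x3FFF  # low 14 bits; top 2 bits are the mode
        flows.append(rec)
    return flows


def to_kv_line(flow: dict, exporter: str) -> str:
    """Render one flow as a single key=value line; Splunk extracts these pairs automatically."""
    ordered = ["exporter=" + exporter] + [f"{k}={flow[k]}" for k in sorted(flow)]
    return " ".join(ordered)


def build_sample_datagram() -> bytes:
    """Constructed two-record v5 datagram for offline testing (not a real capture)."""
    header = HEADER.pack(5, 2, 1000, 1700000000, 0, 42, 0, 0, 0)
    tcp = RECORD.pack(int(IPv4Address("10.0.0.5")), int(IPv4Address("192.0.2.10")), 0,
                      1, 2, 12, 3456, 900, 950, 51515, 443, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)
    dns = RECORD.pack(int(IPv4Address("10.0.0.7")), int(IPv4Address("198.51.100.9")), 0,
                      1, 2, 1, 78, 980, 980, 53044, 53, 0, 0, 17, 0, 0, 0, 24, 24, 0)
    return header + tcp + dns


def run_collector(out_path: str, bind=("0.0.0.0", 2055)) -> None:
    """Receive datagrams forever and append one line per flow to out_path (line-buffered)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind)
    with open(out_path, "a", buffering=1, encoding="ascii") as out:
        while True:
            data, (src, _port) = sock.recvfrom(65535)
            try:
                flows = parse_netflow_v5(data)
            except ValueError as err:
                # Log and drop; a malformed packet from an unauthenticated sender must not stop collection.
                print(f"{time.time():.0f} dropped datagram from {src}: {err}")
                continue
            for flow in flows:
                out.write(to_kv_line(flow, exporter=src) + "\n")


if __name__ == "__main__":
    for f in parse_netflow_v5(build_sample_datagram()):
        print(to_kv_line(f, exporter="203.0.113.1"))
    # run_collector(r"C:\netflow\flows.log")  # point Splunk's file monitor at this path
```

Two practical notes: restrict the listening port to the exporters' addresses at the host firewall, since anything that can reach UDP 2055 can write lines into the file Splunk indexes; and rotate the output file, because a line-buffered append with no rotation grows without bound on a busy router.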