0 Replies Latest reply on Jan 18, 2011 8:21 AM by jodros

    Evaluating Splunk for SIEM - Using Orion RNA


      Our enterprise is currently using RSA enVision for SIEM. However, enVision does not support netflow/sflow collection. We are evaluating Splunk as a possible SIEM replacement for enVision. However, currently, in order to have Splunk collect netflow, there has to be a mid-range application collecting the netflow and then writing the flow data to a textual format. Splunk support has said that direct netflow collection is in the works and should be available soon. However, to evaluate the netflow reporting of Splunk, I will need a mid-range application.

      Which brings me to RNA. Our eval server is Windows OS, which rules out all of the free light-weight Linux flow collection apps. I know Orion RNA would collect flows, but could it also export them on a schedule, or as close to real-time as possible, to a textual format? This would then allow Splunk to read the file to which RNA would be writing the flow data.

      Any assistance with this request would be appreciated.
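The "mid-range application" described in the post, as an added example that is not part of the original thread and is not Orion or Splunk code: a minimal NetFlow v5 decoder that turns one export datagram into key=value text lines, the kind of file Splunk can index with no custom parser. The sample datagram and the field names are constructed assumptions; a real deployment would bind a UDP socket on the exporter's destination port and append these lines to a file Splunk monitors.

```python
"""Minimal NetFlow v5 -> key=value text converter (constructed example)."""
import socket
import struct
from datetime import datetime, timezone

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record


def parse_netflow_v5(datagram: bytes) -> list[dict]:
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    version, count, _uptime, secs, _nsecs, _seq, _etype, _eid, _samp = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) < HEADER.size + count * RECORD.size:
        # Header claims more records than the datagram carries: reject, don't over-read.
        raise ValueError("truncated datagram")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "exported": datetime.fromtimestamp(secs, tz=timezone.utc).isoformat(),
            "src_ip": socket.inet_ntoa(f[0]), "dst_ip": socket.inet_ntoa(f[1]),
            "src_port": f[9], "dst_port": f[10], "proto": f[13],
            "packets": f[5], "bytes": f[6], "tcp_flags": f[12],
            "src_as": f[15], "dst_as": f[16], "duration_ms": f[8] - f[7],
        })
    return flows


def to_splunk_kv(flow: dict) -> str:
    """One flow as a single key=value line (Splunk extracts k=v pairs automatically)."""
    return " ".join(f"{k}={v}" for k, v in flow.items())


# Constructed sample datagram: one TCP flow 10.1.2.3:51000 -> 192.0.2.10:443 (12 packets, 5400 bytes).
SAMPLE = HEADER.pack(5, 1, 1000, 1295338000, 0, 1, 0, 0, 0) + RECORD.pack(
    socket.inet_aton("10.1.2.3"), socket.inet_aton("192.0.2.10"), socket.inet_aton("0.0.0.0"),
    1, 2, 12, 5400, 500, 1500, 51000, 443, 0, 0x18, 6, 0, 64512, 65000, 24, 24, 0)

if __name__ == "__main__":
    for flow in parse_netflow_v5(SAMPLE):
        print(to_splunk_kv(flow))
```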