SolarWinds have an NTA product which will accept flow data, but as far as I know it will not allow you to associate this activity with usernames. I stand to be corrected on this, but I think usernames are only available in the User Device Tracker product, which is more about tracing ports and which users are connected.
We have developed a product called LANGuardian which uses a SPAN port instead of flow data, and it integrates with Orion. By performing DPI on network packets you can report on Internet activity by username or IP, and it also supports direct and proxy-based traffic. You can see a sample of its output at this link
AFAIK NetFlow does not send any user-identifying information. You may think about integrating a firewall/proxy which has the capability to map IP addresses to domain usernames by checking Active Directory events, e.g.
Thanks guys. Darragh, I'll take a look and maybe give you a call, as it would be nice to keep it all under one pane, though I would have some questions around support/interop with NTA/Orion with regards to upgrades etc.
cem a. - We have Check Point linking into AD and pulling username and associated IP; while it's not flawless (e.g. Citrix servers), it's a help. But this is exactly why I'm looking for something more specific, pretty much exactly what Darragh posted above!
As has been previously mentioned, there's no way to do flow-to-user correlation solely with NetFlow. There are other flow analytics vendors that integrate user ID with NetFlow by querying Active Directory logon events and caching username-to-IP address mappings. Since SolarWinds already has event querying capability built into SAM and UDT, it would be a great feature to have in an upcoming release.
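The username-to-IP caching approach mentioned in the thread, sketched as an added example (not part of any post above and not any vendor's code): logon events are indexed per IP, and each flow is attributed to the user whose logon precedes it within a TTL. The event and flow tuples, the `TTL` value and all function names are assumptions made for illustration; a shared host such as a Citrix server comes back as `ambiguous` rather than being pinned on one user.

```python
from bisect import bisect_right
from collections import defaultdict

TTL = 3600  # assumed: seconds a logon keeps vouching for an IP

# Constructed logon events: (epoch seconds, source IP, username)
LOGONS = [
    (1000, "10.0.0.5", "alice"),
    (6000, "10.0.0.5", "bob"),
    (1200, "10.0.0.9", "carol"),  # 10.0.0.9 plays a shared terminal server
    (1300, "10.0.0.9", "dave"),
]
# Constructed flow records: (epoch seconds, source IP, destination IP, bytes)
FLOWS = [
    (2000, "10.0.0.5", "203.0.113.10", 48211),
    (5000, "10.0.0.5", "203.0.113.10", 1200),
    (6500, "10.0.0.5", "198.51.100.7", 90312),
    (1500, "10.0.0.9", "198.51.100.7", 7731),
    (1500, "10.0.0.7", "203.0.113.10", 512),
]

def build_index(logons):
    """Group logon events per IP, sorted by time, for fast lookup."""
    index = defaultdict(list)
    for ts, ip, user in sorted(logons):
        index[ip].append((ts, user))
    return index

def attribute(index, flow_ts, src_ip, ttl=TTL):
    """Return (status, users) for a flow seen at flow_ts from src_ip."""
    events = index.get(src_ip, [])
    # Only logons at or before the flow can explain it.
    hi = bisect_right(events, (flow_ts, chr(0x10FFFF)))
    users = []
    for ts, user in reversed(events[:hi]):
        if flow_ts - ts > ttl:
            break  # older mappings are stale; do not guess
        if user not in users:
            users.append(user)
    if not users:
        return ("unknown", [])
    return ("attributed" if len(users) == 1 else "ambiguous", users)

def annotate(flows, logons):
    index = build_index(logons)
    return [(f, *attribute(index, f[0], f[1])) for f in flows]

if __name__ == "__main__":
    for flow, status, users in annotate(FLOWS, LOGONS):
        print(flow, status, ",".join(users) or "-")
```

Without logoff events the TTL is the only expiry signal, so a short TTL trades coverage for fewer wrong attributions.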