https://community.cisco.com/t5/network-security/leveraging-netflow-data/m-p/2686173#M1027121 <P>Hi,&nbsp;</P><P>this is a bit unclear how to actually&nbsp;do it but my understanding is that you need an extra&nbsp;Sourcefire 3D managed sensor to&nbsp;leverage netflow data. So there's no native netflow support in defense center.</P><P>&nbsp;</P><P>From user guide&nbsp;http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/Discovery-Config.html#61546</P><P><SPAN style="color: rgb(0, 0, 0); font-family: Arial, Helvetica, sans-serif; font-size: 12.2360000610352px; line-height: normal;">Because the FireSIGHT System uses managed devices to analyze NetFlow data, your deployment must include at least one managed device that can monitor your NetFlow-enabled devices. At least one sensing interface on that managed device must be connected to a network where it can collect the data that your NetFlow-enabled devices export. Because the sensing interfaces on managed devices do not usually have IP addresses, the system does not support the direct collection of NetFlow records.</SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 10 Jun 2015 14:21:55 GMT akjellerstedt 2015-06-10T14:21:55Z https://community.cisco.com/t5/network-security/leveraging-netflow-data/m-p/2686172#M1027120 <P>Hi all</P><P>I'm trying to understand how Sourcefire/Firepower uses my netflow data. I have a Virtual Defence Center up and running and four ASAs with Firepower services reporting to it. All data flows seems to work and I've even done some IPS tests with promising results.</P><P>However I have a few Cisco routers in my network that I would also like to use in the System but so far I haven't figured out how. For example, should I have the routers send flow data to the Defence Center or to the Firepower modules in the ASAs? When I follow the Network Discovery steps in the user manual I get to set up a discovery policy using the netflow sources but those policies are only deployed to the Firepower modules in the ASAs.</P><P>I realize the discovery information will not be as complete using only netflow data as it is with traffic flowing through the ASAs but it will still improve my visibility.</P><P>&nbsp;</P><P>Regards</P><P>Fredrik</P> Tue, 12 Mar 2019 12:41:39 GMT https://community.cisco.com/t5/network-security/leveraging-netflow-data/m-p/2686172#M1027120 hoffa2000 2019-03-12T12:41:39Z https://community.cisco.com/t5/network-security/leveraging-netflow-data/m-p/2686173#M1027121 <P>Hi,&nbsp;</P><P>this is a bit unclear how to actually&nbsp;do it but my understanding is that you need an extra&nbsp;Sourcefire 3D managed sensor to&nbsp;leverage netflow data. So there's no native netflow support in defense center.</P><P>&nbsp;</P><P>From user guide&nbsp;http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/Discovery-Config.html#61546</P><P><SPAN style="color: rgb(0, 0, 0); font-family: Arial, Helvetica, sans-serif; font-size: 12.2360000610352px; line-height: normal;">Because the FireSIGHT System uses managed devices to analyze NetFlow data, your deployment must include at least one managed device that can monitor your NetFlow-enabled devices. At least one sensing interface on that managed device must be connected to a network where it can collect the data that your NetFlow-enabled devices export. Because the sensing interfaces on managed devices do not usually have IP addresses, the system does not support the direct collection of NetFlow records.</SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 10 Jun 2015 14:21:55 GMT https://community.cisco.com/t5/network-security/leveraging-netflow-data/m-p/2686173#M1027121 akjellerstedt 2015-06-10T14:21:55Z https://community.cisco.com/t5/network-security/leveraging-netflow-data/m-p/2686174#M1027122 <P>So if I understand this correctly, there is no point sending netflow data to the FireSIGHT/Sourcefire Virtual DC? And I don't suppose the Firepower module in my ASAs can use the netflow data?</P><P>&nbsp;</P><P>/Fredrik</P> Thu, 11 Jun 2015 09:32:05 GMT https://community.cisco.com/t5/network-security/leveraging-netflow-data/m-p/2686174#M1027122 hoffa2000 2015-06-11T09:32:05Z