33.5 Configuring IP Flow Data Collection

Sentinel leverages ArcSight SmartConnectors that help you monitor your enterprise network by collecting IP Flow data. SmartConnectors collect IP Flow data as events and are therefore considered for EPS count. This allows you to:

  • Use existing Collector Managers to collect IP Flow data.

  • Leverage IP Flow data in several areas of Sentinel such as visualizations, event routing, data federation, reports, and correlation.

  • Apply data retention policies to IP Flow data, which allows you to store this data for the desired duration.

The IP Flow functionality is now enabled by default. You must install and configure the ArcSight SmartConnector to collect IP Flow data,.

Sentinel no longer includes NetFlow capabilities including NetFlow views. With SmartConnectors collecting IP Flow data as events you can use existing Collector Managers to collect NetFlow data. So, you will no longer need NetFlow Collector Managers to collect NetFlow data. Therefore, you can uninstall any existing NetFlow Collector Managers.

33.5.1 Configuring SmartConnectors that collect IP Flow data

Install and configure the ArcSight SmartConnector. While configuring, ensure that you configure the relevant SmartConnectors that collect IP Flow data.

For information about configuring SmartConnectors, see the Generic Universal CEF Collector documentation on the Sentinel Plug-ins Website.

33.5.2 Uninstalling Existing NetFlow Collector Managers

To uninstall existing NetFlow Collector Managers:

  1. Log in to the NetFlow Collector Manager computer with the same user permission that you used to install the NetFlow Collector Manager.

  2. Change to the following directory:

  3. Run the following command:

  4. Enter y to uninstall the Collector Manager.

    The script first stops the service and then uninstalls the Collector Manager completely.