Impelix IMPACT Integration
with Cisco NetFlow
The Impelix IMPACT platform ingests telemetry from all your security products as well as third-party feeds (threat intelligence, cybersecurity risk, business resilience intelligence, etc.) and delivers event correlation, security control efficacy, and compliance monitoring.
We believe that the more data IMPACT ingests, the more context you will have about security incidents, which allows effective and efficient incident response and compliance management. Therefore, we encourage and facilitate connecting vendor product telemetry to the Impelix IMPACT platform.
Cisco NetFlow
Cisco NetFlow on IOS
Commands to enable NetFlow on Cisco IOS
- enable
- configure terminal
- ip flow-export destination <IMPACT appliance IP address> 2055
- ip flow-export source <interface> (e.g. use a Loopback interface or an interface that can route to the IMPACT appliance)
- ip flow-export version 9 (if version 9 does not take, use version 5)
- ip flow-cache timeout active 1
- ip flow-cache timeout inactive 15
- snmp-server ifindex persist
- Enable NetFlow on each layer-3 interface whose traffic you want to monitor: interface <interface name>, then ip flow ingress
- exit
- write memory
Wait at least 10 minutes, then in the Impelix IMPACT Search interface run a search on an IP address that should have been monitored by the NetFlow exporter. It should show up in the communications tab.
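If the search returns nothing, it helps to confirm what the exporter is actually sending to UDP port 2055. The following is an added example, not part of Impelix or Cisco tooling: a Python parser that checks whether a captured export datagram is well-formed NetFlow version 5 or version 9 and summarizes it. The function name and the sample datagrams are constructed for illustration, and it assumes you can obtain the UDP payload (for example from a packet capture).

```python
import ipaddress
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte v5 header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record
V9_HEADER = struct.Struct("!HHIIII")                   # 20-byte v9 header
FLOWSET = struct.Struct("!HH")                         # v9 flowset id, length

def summarize_export(datagram: bytes) -> dict:
    """Validate one NetFlow export datagram and summarize what it carries."""
    if len(datagram) < 2:
        raise ValueError("too short to carry a version field")
    version = struct.unpack_from("!H", datagram)[0]
    if version == 5:
        if len(datagram) < V5_HEADER.size:
            raise ValueError("truncated v5 header")
        count = V5_HEADER.unpack_from(datagram)[1]
        if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
            raise ValueError("v5 record count does not match datagram length")
        flows = []
        for r in V5_RECORD.iter_unpack(datagram[V5_HEADER.size:]):
            src, dst = (str(ipaddress.IPv4Address(a)) for a in r[:2])
            flows.append((src, dst, r[9], r[10], r[13]))  # ports and IP protocol
        return {"version": 5, "flows": flows}
    if version == 9:
        if len(datagram) < V9_HEADER.size:
            raise ValueError("truncated v9 header")
        flowsets, offset = [], V9_HEADER.size
        while offset + FLOWSET.size <= len(datagram):
            fs_id, fs_len = FLOWSET.unpack_from(datagram, offset)
            if fs_len < FLOWSET.size or offset + fs_len > len(datagram):
                raise ValueError("v9 flowset length runs outside the datagram")
            kind = {0: "template", 1: "options-template"}.get(
                fs_id, "data" if fs_id >= 256 else "reserved")
            flowsets.append((kind, fs_id))
            offset += fs_len
        return {"version": 9, "flowsets": flowsets}
    raise ValueError(f"unexpected NetFlow version {version}")

# Constructed sample datagrams (documentation addresses, not captured traffic).
SRC, DST = (ipaddress.IPv4Address(a).packed for a in ("192.0.2.10", "198.51.100.20"))
SAMPLE_V5 = V5_HEADER.pack(5, 1, 1000, 1700000000, 0, 1, 0, 0, 0) + V5_RECORD.pack(
    SRC, DST, bytes(4), 1, 2, 10, 840, 100, 900, 49152, 443, 0, 0x1B, 6, 0, 0, 0, 24, 24, 0)
SAMPLE_V9 = (V9_HEADER.pack(9, 2, 1000, 1700000000, 1, 0)
             + struct.pack("!8H", 0, 16, 256, 2, 8, 4, 12, 4)  # template 256: src, dst
             + struct.pack("!HH4s4s", 256, 12, SRC, DST))      # one data record

if __name__ == "__main__":
    for sample in (SAMPLE_V5, SAMPLE_V9):
        print(summarize_export(sample))
```

A version 9 result that lists only data flowsets and never a template means the collector cannot decode those records until the exporter resends its template.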
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/15-mt/fnf-15-mt-book.html