Triggered NetFlow: A Woland-Santuka Pro-Tip
Vivek Santuka, CCIE #17621, is a consulting systems engineer at Cisco Systems who focuses on ISE for Cisco’s largest customers around the world. He and I devised, tested and deployed the methodology discussed in this blog entry, which we like to call “Triggered NetFlow.”
NetFlow is an incredibly useful and undervalued security tool. Essentially, it is similar to a phone bill. A phone bill does not include recordings of all the conversations you have had in their entirety; it is a summary record of all calls sent and received.
Cisco routers and switches support NetFlow, sending a “record” of each packet that has been routed, including the ports and other very usable information.