In a “Bring-Your-Own-Everything” world, it has become even more of a challenge keeping users in check while developing an agile corporation that moves with the times. The only way for security to be effective is when it is seamless for both users and administrators.
Stormshield offers innovative end-to-end security solutions worldwide to protect networks (Stormshield Network Security), workstations (Stormshield Endpoint Security), and data (Stormshield Data Security).
These next-generation trusted solutions, certified at the highest level in Europe (EU RESTRICTED, NATO, and ANSSI EAL4+), ensure the protection of strategic information and are deployed through a partner network of distributors, integrators, and operators in businesses of all sizes, government institutions, and defense organizations worldwide.
As a trusted vendor, Stormshield deploys technologies tha have been awarded certifications and qualifications that guarantee an adapted level of protection for the strategic data of even the most sensitive corporations and organizations.
With modern threats bypassing conventional protection systems as routinely as they do, a new approach to security is imperative. Stormshield Network Security solutions are built upon the concept of multi-layer collaborative security. This holistic model, based on the active collaboration between the security engines on their various solutions, marks the future of information system defense in depth.
With the advent of Stormshield Network Security (SNS) version 3.0, they have included IPFIX/NetFlow in network analyses (latency, congestion, etc.). Being the forefront of network analysis, Plixer has been able to ingest the IPFIX template records of the SNS devices. Provided you have SNS v3.0 you also can send IPFIX/NetFlow to Scrutinizer and allow you to report on it.
As you can see here, we can ingest and provide Plixer-built reports on your IPFIX data from your Stormshield deployment. As we continue to work with Stormshield, we will continue to provide more and more reports and elements.
In « Notifications » → « Logs – Syslog – IPFIX » → « IPFIX » tab: administrators are allowed to enable the IPFIX feature as follows:
« IPFIX » tab description from the SNS user guide:
On each filtering rule, administrators are allowed to enable log level (minor, major) and its destination (disk, syslog, IPFIX):
→ Edit a filtering rule, configure log level in « General » tab of rule action
This log level configuration (at the filtering rule level) will enable or disable filtering logs (l_filter) and alarms logs (l_alarm) for each connection matching the rule.
→ Then, configure logs destination in « Advanced properties » of rule action
This log destination configuration (at the filtering rule level) will enable or disable filtering logs (l_filter) and alarms logs (l_alarm) for IPFIX.
Four templates are defined by default:
- IPv4 connections without address translation (NAT)
- IPv4 connections with NAT
- – IPv6 connections
- – alarms