Do you see an advantage to having netflow as well as inline sensor data? If my sensor is picking up all traffic along a trunk between my main switch and firewall, it would essentially be getting all the information that i would be getting from netflow already, correct? Also, if i have a 2 node environment (1 sensor/Forward and 1 managersearch), Would netflows go to my Forward node? It has a larger harddrive for NPM data.

Hello Garrett, I found your video to be incredibly informative. I have a quick question regarding the activation of Suricata and Zeek alerts; I'm having trouble figuring it out. Could you provide some guidance on how to enable these alerts? I appreciate your help.