Would be very thankful to get the solution of below mentioned issue.
Actually I'm facing exceeding of logs ingestion issue on my SIEM C360 due to Netflow logs. I want to prune netflow logs. What would be the best practice? Should I disable complete netflow logs on netflow collector or should I go with critical assets based decision or what should be the best approach in this scenerio. Right now the information which I'm getting through netflow logs include src ip, src port, dst ip, dst port.