topic You're welcome.Please rate in Network Security

analyze netflow record

mahmoud.awney1 — Sun, 10 Mar 2019 13:26:18 GMT

- Because the sensing interfaces on managed devices do not usually have IP addresses,

the system does not support the direct collection of NetFlow records. how make router to export o/p record to managed device's sensing interface ?

- when using nmap active scanning and using custom fingerprint ?

the Netflow device reports to

Marvin Rhoads — Sun, 16 Aug 2015 02:33:15 GMT

The Netflow device will be generating records which are inspected and parsed as they flow THROUGH a sensor - not to it. So setup the normal Netflow analyzer platform as the flow export destination on the Netflow source device. As long as there's a sensor in the path it will know to parse the data out based on the Network Discovery policy as follows below.

You need to add it in your Network Discovery policy and then re-apply the policy for it to take effect.

thank you for replay,if i

mahmoud.awney1 — Sun, 16 Aug 2015 08:22:41 GMT

thank you for replay,

You're welcome.Please rate

Marvin Rhoads — Sun, 16 Aug 2015 14:14:11 GMT

You're welcome.

Please rate helpful replies.

please, I want to know what

mahmoud.awney1 — Sun, 16 Aug 2015 14:53:19 GMT

please, I want to know what is the function of customer fingerprint ? and if i customize fingerprint is any other device can detect by using this custom fingerprint ?

Have you read the User Guide

Marvin Rhoads — Sun, 16 Aug 2015 15:02:20 GMT

Have you read the User Guide section on using custom fingerprinting?

I've not seen anyone actually using it since the built-in fingerprinting has shown to be more than adequate in the deployments I've done.

Any custom fingerprints you define will be used by all sensors that have the network discovery policy applied to them.

already i've read custom

mahmoud.awney1 — Sun, 16 Aug 2015 17:31:02 GMT

already i've read custom fingerprint from guide but when we define custom fingerprint i write target ip and enter os vulnerability map so i think custom fingerprint used for only target ip and it can't discover another similar operating system.

If that is the case, you

Marvin Rhoads — Sun, 16 Aug 2015 17:39:42 GMT

If that is the case, you would be best served by opening a TAC case on the issue you are encountering.

As it is designed, it should match that fingerprint to other devices that match the fingerprint. Per the guide:

"When the system sees new traffic from a host that has already been detected and currently resides in the network map, the system updates the host with the new fingerprint information. the system also uses the new fingerprint to identify any new hosts with that operating system the first time they are detected."