cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
637
Views
15
Helpful
7
Replies

analyze netflow record

mahmoud.awney1
Beginner
Beginner

 - Because the sensing interfaces on managed devices do not usually have IP addresses,

the system does not support the direct collection of NetFlow records. how make router to export o/p record to managed device's sensing interface ?

 

- when using nmap active scanning and using custom fingerprint ?

 

1 ACCEPTED SOLUTION

Accepted Solutions

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

The Netflow device will be generating records which are inspected and parsed as they flow THROUGH a sensor - not to it. So setup the normal Netflow analyzer platform as the flow export destination on the Netflow source device. As long as there's a sensor in the path it will know to parse the data out based on the Network Discovery policy as follows below.

You need to add it in your Network Discovery policy and then re-apply the policy for it to take effect. 

View solution in original post

7 REPLIES 7

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

The Netflow device will be generating records which are inspected and parsed as they flow THROUGH a sensor - not to it. So setup the normal Netflow analyzer platform as the flow export destination on the Netflow source device. As long as there's a sensor in the path it will know to parse the data out based on the Network Discovery policy as follows below.

You need to add it in your Network Discovery policy and then re-apply the policy for it to take effect. 

thank you for replay,

 

You're welcome.

Please rate helpful replies.

please, I want to know what is the function of customer fingerprint ? and if i customize fingerprint is any other device can detect by using this custom fingerprint ?

Have you read the User Guide section on using custom fingerprinting?

I've not seen anyone actually using it since the built-in fingerprinting has shown to be more than adequate in the deployments I've done.

Any custom fingerprints you define will be used by all sensors that have the network discovery policy applied to them.

already i've read custom fingerprint from guide but when we define custom fingerprint i write target ip and enter os vulnerability map so i think custom fingerprint used for only target ip and it can't discover another similar operating system.

If that is the case, you would be best served by opening a TAC case on the issue you are encountering.

As it is designed, it should match that fingerprint to other devices that match the fingerprint. Per the guide:

"When the system sees new traffic from a host that has already been detected and currently resides in the network map, the system updates the host with the new fingerprint information. the system also uses the new fingerprint to identify any new hosts with that operating system the first time they are detected."

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: