Solved: thank you for replay,if i

mahmoud.awney1 · ‎08-15-2015

- Because the sensing interfaces on managed devices do not usually have IP addresses,

the system does not support the direct collection of NetFlow records. how make router to export o/p record to managed device's sensing interface ?

- when using nmap active scanning and using custom fingerprint ?

Marvin Rhoads · ‎08-15-2015

The Netflow device will be generating records which are inspected and parsed as they flow THROUGH a sensor - not to it. So setup the normal Netflow analyzer platform as the flow export destination on the Netflow source device. As long as there's a sensor in the path it will know to parse the data out based on the Network Discovery policy as follows below.

You need to add it in your Network Discovery policy and then re-apply the policy for it to take effect.

View solution in original post

Marvin Rhoads · ‎08-15-2015

The Netflow device will be generating records which are inspected and parsed as they flow THROUGH a sensor - not to it. So setup the normal Netflow analyzer platform as the flow export destination on the Netflow source device. As long as there's a sensor in the path it will know to parse the data out based on the Network Discovery policy as follows below.

You need to add it in your Network Discovery policy and then re-apply the policy for it to take effect.

mahmoud.awney1 · ‎08-16-2015

thank you for replay,

Marvin Rhoads · ‎08-16-2015

You're welcome.

Please rate helpful replies.

mahmoud.awney1 · ‎08-16-2015

please, I want to know what is the function of customer fingerprint ? and if i customize fingerprint is any other device can detect by using this custom fingerprint ?

Marvin Rhoads · ‎08-16-2015

Have you read the User Guide section on using custom fingerprinting?

I've not seen anyone actually using it since the built-in fingerprinting has shown to be more than adequate in the deployments I've done.

Any custom fingerprints you define will be used by all sensors that have the network discovery policy applied to them.

mahmoud.awney1 · ‎08-16-2015

already i've read custom fingerprint from guide but when we define custom fingerprint i write target ip and enter os vulnerability map so i think custom fingerprint used for only target ip and it can't discover another similar operating system.

Marvin Rhoads · ‎08-16-2015

If that is the case, you would be best served by opening a TAC case on the issue you are encountering.

As it is designed, it should match that fingerprint to other devices that match the fingerprint. Per the guide:

"When the system sees new traffic from a host that has already been detected and currently resides in the network map, the system updates the host with the new fingerprint information. the system also uses the new fingerprint to identify any new hosts with that operating system the first time they are detected."

analyze netflow record