08-15-2015 05:11 AM - edited 03-10-2019 06:26 AM
- Because the sensing interfaces on managed devices do not usually have IP addresses,
the system does not support the direct collection of NetFlow records. how make router to export o/p record to managed device's sensing interface ?
- when using nmap active scanning and using custom fingerprint ?
Solved! Go to Solution.
08-15-2015 07:33 PM
The Netflow device will be generating records which are inspected and parsed as they flow THROUGH a sensor - not to it. So setup the normal Netflow analyzer platform as the flow export destination on the Netflow source device. As long as there's a sensor in the path it will know to parse the data out based on the Network Discovery policy as follows below.
You need to add it in your Network Discovery policy and then re-apply the policy for it to take effect.
08-15-2015 07:33 PM
The Netflow device will be generating records which are inspected and parsed as they flow THROUGH a sensor - not to it. So setup the normal Netflow analyzer platform as the flow export destination on the Netflow source device. As long as there's a sensor in the path it will know to parse the data out based on the Network Discovery policy as follows below.
You need to add it in your Network Discovery policy and then re-apply the policy for it to take effect.
08-16-2015 01:22 AM
thank you for replay,
08-16-2015 07:14 AM
You're welcome.
Please rate helpful replies.
08-16-2015 07:53 AM
please, I want to know what is the function of customer fingerprint ? and if i customize fingerprint is any other device can detect by using this custom fingerprint ?
08-16-2015 08:02 AM
Have you read the User Guide section on using custom fingerprinting?
I've not seen anyone actually using it since the built-in fingerprinting has shown to be more than adequate in the deployments I've done.
Any custom fingerprints you define will be used by all sensors that have the network discovery policy applied to them.
08-16-2015 10:31 AM
already i've read custom fingerprint from guide but when we define custom fingerprint i write target ip and enter os vulnerability map so i think custom fingerprint used for only target ip and it can't discover another similar operating system.
08-16-2015 10:39 AM
If that is the case, you would be best served by opening a TAC case on the issue you are encountering.
As it is designed, it should match that fingerprint to other devices that match the fingerprint. Per the guide:
"When the system sees new traffic from a host that has already been detected and currently resides in the network map, the system updates the host with the new fingerprint information. the system also uses the new fingerprint to identify any new hosts with that operating system the first time they are detected."
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide