Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
723
Views
0
Helpful
2
Replies

Correlation rule/policy not working for traffic profile

niko
Level 1
Level 1

‎08-03-2016 01:28 AM - edited ‎03-12-2019 06:05 AM

Hi,

Fairly simple setup overall:

  • There is a Traffic Profile with traffic pattern and deviations gathered over time from the DNS sever - graph/data can be seen;
  • Correlation Rule is created for that Traffic Profile. Again - nothing fancy - looking for traffic profile change and checking if the number of connections are greater than 1 deviation;
  • Correlation Policy is created and that specific Rule is assigned to the policy.

Result: even if traffic goes above that deviation - no Correlation Events are generated. I've tried using absolute byte values, using velocity data, using bytes/connections, etc. in the Correlation Rule - could not get it to raise an event. Other Correlation Rules are working fine - ones that are not using the Traffic Profile, so my guess is that there is a problem with that specific feature.

I was able to reproduce it in two different environment + dCloud demo cloud.

Is anyone out there using Traffic Profiles in Correlation Rules and have positive results or have stumbled upon something similar?

Thanks!

Labels:
0 Helpful
2 Replies 2

niko
Level 1
Level 1

‎08-08-2016 05:26 AM

Bump? Anyone?

0 Helpful

niko
Level 1
Level 1
In response to niko

‎09-11-2016 11:45 PM

I haven't tried this out on 6.1, is there anyone who can give any insight?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card