
CS-MARS NetFlow

Does anyone know how CS-MARS displays anomalies detected through NetFlow? Documentation says the HTML interface will display NetFlow anomaly detection, but I do not see where a specific NetFlow report is displayed.

1 REPLY

You'll see the sudden increase in traffic to port event fire once an anomaly is detected. If you then look at the details of the event you'll see output that looks something like this:

Traffic anomaly to host x.x.x.x at port 80. Flow/Session count this hour is 9164, Mean is 0, Variance is 0.