Solved: NVM Telemetry – Flow to Process Correlation

jitendrac · ‎09-06-2025

Hello Community,

In a scenario where NVM telemetry is enabled from user endpoint, is it possible to directly correlate a network flow with the associated user endpoint process name and process ID from the SNA console (7.5.2)?

If not, is there any manual method or workaround to achieve this correlation between flow data and process details?

Appreciate any insights, best practices, or tools that could help with this mapping.

I really appreciate any help you can provide.

David Salter · ‎09-16-2025

Thanks! I'm still here, 19 years and counting.
It is possible to automate the query via the Manager API. The documentation for the nvm-flows API call you need is the under https://developer.cisco.com/docs/stealthwatch/enterprise/reporting-api-version-1/.

View solution in original post

David Salter · ‎09-08-2025

The advanced Subject / Peer Options includes the ability to filter for both Process Name and File Hash associated with the flow.

To get visibility in the Flow Table, use Manage Columns to add the required fields, for example:

jitendrac · ‎09-16-2025

Hi David,
Great to see you here after such a long time!
Thanks for the detailed pointers. Thanks for sharing your expertise here.
Your pointers help, but my goal is to automate the step that will get process names for flows tied to an alarm. Manual filtering works but doesn’t scale.

David Salter · ‎09-16-2025

Thanks! I'm still here, 19 years and counting.
It is possible to automate the query via the Manager API. The documentation for the nvm-flows API call you need is the under https://developer.cisco.com/docs/stealthwatch/enterprise/reporting-api-version-1/.