Difference between revisions of "Flow/Profiling"

From Observer GigaFlow Support | VIAVI Solutions Inc.
Jump to: navigation, search
(Created page with "This is a very powerful feature allowing white-listed flows to be matched to a set of defined IP addresses. It is very configurable in both the definitions of the selected "en...")
 
Line 4: Line 4:
 
Talking this address a defined set of acceptable flows can be built.
 
Talking this address a defined set of acceptable flows can be built.
  
Some definitions  
+
[[Some definitions  
 +
]]
 +
'''Entry'''      This is the definition of the set of IP addresses that are to be profiled
  
Entry      This is the definition of the set of IP addresses that are to be profiled
+
'''Allowed'''    This is the definition of the flows that can match ans pass without causing an exception
  
Allowed    This is the definition of the flows that can match ans pass without causing an exception
+
'''Hits'''        This is the number of flow records that have matched the allowed flows  
  
Hits        This is the number of flow records that have matched the allowed flows
+
'''Exceptions'''  This is the flow records that have not matched the Allowed Flow record template
  
Exceptions  This is the flow records that have not matched the Allowed Flow record template
+
'''Alert'''       This is to decide if exceptions are stored in the alerts
 
+
Alert      This is to decide if exceptions are stored in the alerts
+

Revision as of 10:22, 2 October 2016

This is a very powerful feature allowing white-listed flows to be matched to a set of defined IP addresses. It is very configurable in both the definitions of the selected "entries" that are going to have their flows checked against and the definition of the "acceptable flow"

It has been found the best way to start into Flow Profiling is to select one type of device and a single ip of this type. In retail this might be a Point of sale. Talking this address a defined set of acceptable flows can be built.

[[Some definitions ]] Entry This is the definition of the set of IP addresses that are to be profiled

Allowed This is the definition of the flows that can match ans pass without causing an exception

Hits This is the number of flow records that have matched the allowed flows

Exceptions This is the flow records that have not matched the Allowed Flow record template

Alert This is to decide if exceptions are stored in the alerts