Difference between revisions of "Forensic Data Using the API"
From Observer GigaFlow Support | VIAVI Solutions Inc.
Kevin Wilkie (Talk | contribs) (Created page with "Reports Available For Forensics Reporting "Application Flows" "Address Pairs" "MAC Address Pairs" "Interfaces By Source" "Interfaces By Dest" "Interface Pairs" "Sessions...") |
Kevin Wilkie (Talk | contribs) |
||
| Line 68: | Line 68: | ||
"Subnet Class C By Source" srcadd-modulus(srcadd,256) as srcsubnetc | "Subnet Class C By Source" srcadd-modulus(srcadd,256) as srcsubnetc | ||
"Addresses By Dest" dstadd | "Addresses By Dest" dstadd | ||
| + | |||
| + | Fields Available | ||
| + | Application ID as selected after profiling:appid | ||
| + | Device ID:device | ||
| + | Device And Input Interface ID:device||'_'||inif as difin | ||
| + | Device And Output Interface ID:device||'_'||outif as difout | ||
| + | Destination IP Address:dstadd | ||
| + | Destination Class A Subnet:dstadd-modulus(dstadd,16777216) as dstsubneta | ||
| + | Destination Class C Subnet:dstadd-modulus(dstadd,256) as dstsubnetc | ||
| + | Destination Class B Subnet:dstadd-modulus(dstadd,65536) as dstsubnetb | ||
| + | Destination AS Number:dstas | ||
| + | Destination MAC Address:dstmac | ||
| + | Destination IP Port Number:dstport | ||
| + | MS Timestamp Of When Flow Record Was First Seen:firstseen | ||
| + | TCP Flags:flags | ||
| + | Forwarding Event Code:fwevent | ||
| + | Extended Event Code:fwextcode | ||
| + | Input Interface ID:inif | ||
| + | Output Interface ID:outif | ||
| + | Posutre ID Of Flow As Marked After Processing:postureid | ||
| + | IP Protocol Nunmber:proto | ||
| + | Source IP Address: srcadd | ||
| + | Source Class A Subnet:srcadd-modulus(srcadd,16777216) as srcsubneta | ||
| + | Source Class C Subnet:srcadd-modulus(srcadd,256) as srcsubnetc | ||
| + | Source Class B Subnet:srcadd-modulus(srcadd,65536) as srcsubnetb | ||
| + | Source AS number:srcas | ||
| + | Source MAC Address:srcmac | ||
| + | Source IP Port:srcport | ||
| + | TOS/QOS Marking:tos | ||
| + | Text Field:url | ||
| + | User ID:userid | ||
Revision as of 12:54, 30 April 2018
Reports Available For Forensics Reporting "Application Flows"
"Address Pairs" "MAC Address Pairs" "Interfaces By Source" "Interfaces By Dest" "Interface Pairs" "Sessions" "Sessions Flows" "Sessions With Ints" "Protocols" "Posture" "Applications" "URLs" "Ports By Source" "Ports By Dest" "TCP Flags" "FW Event" "FW Ext Code" "Class of Service" "ASs Pairs" "ASs By Source" "ASs By Dest" "Users" "MAC Addresses By Source" "MAC Addresses By Dest" "Addresses By Source" "Subnet Class A By Dest" "Subnet Class B By Dest" "Subnet Class C By Dest" "Subnet Class A By Source" "Subnet Class B By Source" "Subnet Class C By Source" "Addresses By Dest"
Key Fields For Each Report "Application Flows" srcadd, dstadd, appid
"Address Pairs" srcadd, dstadd "MAC Address Pairs" srcmac, dstmac "Interfaces By Source" device, device||'_'||inif as difin "Interfaces By Dest" device, device||'_'||outif as difout "Interface Pairs" device, device||'_'||inif as difin, device||'_'||outif as difout "Sessions" srcadd, srcport, dstadd, dstport, appid "Sessions Flows" firstseen, srcadd, srcport, dstadd, dstport, appid, proto "Sessions With Ints" srcadd, srcport, inif, dstadd, dstport, outif, appid "Protocols" proto "Posture" postureid "Applications" appid "URLs" url "Ports By Source" srcport "Ports By Dest" dstport "TCP Flags" flags "FW Event" fwevent "FW Ext Code" fwextcode "Class of Service" tos "ASs Pairs" srcas, dstas "ASs By Source" srcas "ASs By Dest" dstas "Users" userid "MAC Addresses By Source" srcmac "MAC Addresses By Dest" dstmac "Addresses By Source" srcadd "Subnet Class A By Dest" dstadd-modulus(dstadd,16777216) as dstsubneta "Subnet Class B By Dest" dstadd-modulus(dstadd,65536) as dstsubnetb "Subnet Class C By Dest" dstadd-modulus(dstadd,256) as dstsubnetc "Subnet Class A By Source" srcadd-modulus(srcadd,16777216) as srcsubneta "Subnet Class B By Source" srcadd-modulus(srcadd,65536) as srcsubnetb "Subnet Class C By Source" srcadd-modulus(srcadd,256) as srcsubnetc "Addresses By Dest" dstadd
Fields Available
Application ID as selected after profiling:appid Device ID:device Device And Input Interface ID:device||'_'||inif as difin Device And Output Interface ID:device||'_'||outif as difout Destination IP Address:dstadd Destination Class A Subnet:dstadd-modulus(dstadd,16777216) as dstsubneta Destination Class C Subnet:dstadd-modulus(dstadd,256) as dstsubnetc Destination Class B Subnet:dstadd-modulus(dstadd,65536) as dstsubnetb Destination AS Number:dstas Destination MAC Address:dstmac Destination IP Port Number:dstport MS Timestamp Of When Flow Record Was First Seen:firstseen TCP Flags:flags Forwarding Event Code:fwevent Extended Event Code:fwextcode Input Interface ID:inif Output Interface ID:outif Posutre ID Of Flow As Marked After Processing:postureid IP Protocol Nunmber:proto Source IP Address: srcadd Source Class A Subnet:srcadd-modulus(srcadd,16777216) as srcsubneta Source Class C Subnet:srcadd-modulus(srcadd,256) as srcsubnetc Source Class B Subnet:srcadd-modulus(srcadd,65536) as srcsubnetb Source AS number:srcas Source MAC Address:srcmac Source IP Port:srcport TOS/QOS Marking:tos Text Field:url User ID:userid
