1 Reply Latest reply on Feb 19, 2016 5:53 AM by peter.mason

    Determining traffic

    unrival

      Hey guys

      I plugged three type sources as SPAN port to my Network Security Sensor M1450

      My sources are: Corporate network, DMZ, Technological network

      Now in order confirm that each source sends traffic i have to find the way

      Please anybody got suggestion how to determine sources in NSM ?

       

      warm regards

        • 1. Re: Determining traffic
          peter.mason

          Hi Benjamin,

           

          You can see which Interface on the sensor generated the Alert in the Real Time Threat Analyzer.

           

          Launch the RTTA and click on the Alerts tab, select the Group by option and from the Dropdown select Interface.

           

          This will show all of the Interfaces on your sensors, sort it by device.

           

          You can also add the interface detail to the detail view under Preferences > Alert View.

           

          The Real Time Threat Analyzer only shows High and Medium severity Alerts so to see the actual volume you need to use the Historical Threat Analyzer.

           

          You can also query the iv_alert table of the database directly to get a count of alerts for a device / interface.

           

          Regards

           

          Peter