2 Replies Latest reply on Oct 11, 2016 5:31 PM by moksha53

    Question: Selecting a specific interface as source/dest when examining netflow data. (McAfee Enterprise Security Manager 9.6.0)

    moksha53

      I am working with ESM 9.6.0 and using it to examine collected netflow data.


      When viewing a specific flow, the "advanced details" section provides "input/output interface" info. See below:

       

      [Image: esm-interface.png]

       

      By querying the SNMP-enabled device (a router for example) providing the netflow data, I have verified that the numbers (2/3 in above example) do in fact correspond to the associated interface's "SNMP interface index".

       

      Example:

      show snmp mib ifmib ifindex

      FastEthernet0/1: Ifindex = 3

      FastEthernet0/0: Ifindex = 2

       

      And the "advanced details" interface data makes sense - interface usage and flow direction is as expected.

       

      But - I have not found a way to establish an ESM filter using that information (2 or 3 in example) such that ONLY flows associated with a specific input or output interface are selected.

      I want to do such a selection and download the interface-specific results as a CSV.

       

      Is this possible?