Traffic Analysis reports provide security teams with a holistic view of traffic patterns
by sampling a random flow of traffic using the sFlow® feature. The data gets sent to a collector server for analysis. Security administrators
can establish a baseline of typical application traffic to identify unusual patterns.
Before an analysis report can be generated, you must complete a successful profile
distribution to all devices that the sFlow reports will be run against. This creates
a policy association, which the Vertica database requires in order to generate a
report.
The data that is sampled gets sent as an sFlow datagram packet to a collector server
where analysis occurs.
The SMS includes the following traffic analysis report templates:
- Top IP by Bandwidth
- Top Protocol by Bandwidth
- Top Service by Bandwidth
Note: The option to generate a Traffic Analysis
report is available only for SMS-managed TPS devices running TOS v5.0.0 or later.
Traffic sampling using sFlow is not supported on vTPS devices.
The following table lists the criteria panels that are available for those report
templates.
| Use this criteria panel... | To filter the report by: |
| --- | --- |
| Protocols, Services Criteria | Protocols, such as GGP, ICMP, TCP, and UDP, and services to be included or excluded. Services are defined collections of TCP/UDP ports, IP protocols, or ICMP type and code values. Service groups are collections of services and are available for selection in this same list. |
| Segment, Device Criteria | Available physical segments and devices. |
| Network Criteria | Source and destination addresses and ports, and VLAN. |
| Report Options | |