
Sheriff CSM™

NetFlow Event Controls

You can configure Sheriff CSM All-In-One to create events when anomalous bandwidth usage is detected in NetFlow data. NetFlow events are displayed under the Event Name Sheriff-NetFlow. NetFlow event tracking is available only if NetFlow is enabled and the av-nf-alert plugin is enabled at the Sensor (Deputy) level. To enable NetFlow, see Enabling NetFlow Collection from an Existing Sheriff CSM Sensor (Method 1). To learn more about enabling plugins at the Sensor level, see Enable Plugins from the Sensor Configuration.

To enable events for NetFlow
  1. Go to Configuration > Administration.

  2. Select the Main tab and click to expand the NetFlow section.

  3. Enter threshold values in the NetFlow event settings to set the bandwidth usage that triggers an event for an asset. The maximum and minimum threshold values apply to all assets on the Sensor. A value of 0 in any field disables event generation for the option in that field.

    Actual NetFlow threshold values will depend on your individual settings and needs.

    NetFlow Configuration Options for Alerts

  4. Once the desired NetFlow event settings are completed, click the Update Configuration button at the top of the page to save your changes.

Topic revision: r10 - 11 Dec 2021, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.