I have a student who wants to turn on NetFlow on his WAN links, but he has a concern. The WAN is not heavily utilized during the day; file sharing and Citrix traffic are not heavy. However, during the night traffic levels spike due to backup traffic and iSCSI replication. I understand that MARS baselines traffic with NetFlow for 7 days and then starts generating anomaly-based incidents. My question: what does MARS do for the baseline? Is it an average amount of traffic for the 7-day period? Is it an average based on different time periods during the day?
When MARS is configured to work with NetFlow, you can take advantage of NetFlow's anomaly detection using statistical profiling, which can pinpoint day zero attacks like worm outbreaks. MARS uses NetFlow data to accomplish the following:
• Profile the network usage to determine a usage baseline
• Detect statistically significant anomalous behavior in comparison to the baseline
• Correlate anomalous behavior to attacks and other events reported by network IDS/IPS systems
Thank you for the response. However, I understood all of that before I posted the question. My question is rather specific about how MARS does those things. Do you have any information along those lines? Thanks again.
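The two baseline styles the question asks about, compared on the traffic pattern it describes. This is an added example, not part of the original thread and not MARS's algorithm (the thread does not say how MARS computes its baseline); the traffic volumes, the night window and the 3-sigma threshold are constructed assumptions.

```python
from statistics import mean, pstdev

NIGHT_HOURS = range(0, 5)   # constructed: backup / iSCSI replication window

def build_week():
    """Constructed sample: (day, hour, megabytes) for 7 days of WAN flow totals."""
    week = []
    for day in range(7):
        jitter = 1 + 0.05 * ((day % 3) - 1)      # +/-5% day-to-day variation
        for hour in range(24):
            base = 2000 if hour in NIGHT_HOURS else 50
            week.append((day, hour, base * jitter))
    return week

def flat_baseline(week):
    """One mean/stddev over the whole 7-day window."""
    vols = [mb for _, _, mb in week]
    return mean(vols), pstdev(vols)

def hourly_baseline(week):
    """Separate mean/stddev for each hour of the day."""
    by_hour = {}
    for _, hour, mb in week:
        by_hour.setdefault(hour, []).append(mb)
    return {h: (mean(v), pstdev(v)) for h, v in by_hour.items()}

def is_anomalous(mb, baseline, k=3.0):
    """Flag volumes more than k standard deviations above the mean."""
    mu, sigma = baseline
    return mb > mu + k * max(sigma, 1.0)   # floor sigma so flat data still works

def compare(hour, mb, week):
    """Evaluate one hourly volume against both baseline styles."""
    return {"flat": is_anomalous(mb, flat_baseline(week)),
            "hourly": is_anomalous(mb, hourly_baseline(week)[hour])}

if __name__ == "__main__":
    week = build_week()
    print("02:00, 2000 MB (normal backup):", compare(2, 2000, week))
    print("14:00, 1500 MB (daytime burst):", compare(14, 1500, week))
```

With this sample, the nightly spikes inflate the flat baseline's mean and variance so much that a 30x daytime burst stays under the threshold, while the per-hour baseline flags it and still accepts the normal backup volume.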