I am able to successfully view Cisco MARS netflow messages in the GUI. However, how can I tell if any of the netflow details that I am seeing in real time have generated an incident? I have run the report "Activity: All Events and Netflow- Top Destinations Ports (Peak View)", but I cannot distinguish the netflow details. Is there another report/rule that I can run, which either exists or could be created, that speaks specifically to Netflow Generated Incidents?
There is not a specific report that will indicate incidents created specifically on netflow data. In general, CS-MARS uses netflow data to detect anomalous network behavior through statistical analysis. Over time, CS-MARS develops a baseline of traffic behavior using the netflow data. Once the baseline is developed, CS-MARS will compare netflow data against the baseline and alert when an increase in traffic is detected. This is outlined here: