Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
321
Views
0
Helpful
1
Replies

CS-MARS NetFlow

jaylena123
Level 4
Level 4

‎12-30-2005 09:55 AM - edited ‎03-09-2019 01:29 PM

Does anyone know how CS-MARS displays anomalies detected through NetFlow? Documentation says the HTML interface will display NetFlow anomaly detection, but I do not see where a specific NetFlow report is displayed.

Labels:
0 Helpful
1 Reply 1

l.warner
Level 1
Level 1

‎01-04-2006 10:22 AM

You'll see the sudden increase in traffic to port event fire once an anomaly is detected. If you then look at the details of the event you'll see output that looks something like this:

Traffic anomaly to host x.x.x.x at port 80. Flow/Session count this hour is 9164, Mean is 0, Variance is 0.

0 Helpful
Customers Also Viewed These Support Documents