NetFlow Monitor Report

by Josef Weiss
April 9, 2014

This report displays event statistics leveraging the capabilities of Tenable NetFlow Normalized Events. This event data is correlated to produce a series of pie charts, tables, and trend lines to display statistical data. The report is based on the components present in the NetFlow Monitor Dashboard.

NetFlow data that is being forwarded to Tenable’s LCE includes ports and source and destination IP addresses. The chapters in this report include:

Top Talkers (All Traffic)

  • This chapter presents the analyst with a pie chart referencing the Top 5 talkers filtered by Class B address space, Class C address space, and IP address, providing a visual representation of the address space utilizing the most bandwidth over the last 24-hour reporting period.

Chapters for 1 Hour, 24 Hour, and 7 Day Analysis

  • These chapters present the analyst with a graphical representation and trending for:
      • HTTP vs. HTTPS over the specified timeframe.
      • TCP vs. UDP over the specified timeframe.
      • SSH/Telnet over the specified timeframe.

This provides a fast method to conduct visual trend analysis of specific protocols.

The report is available in the SecurityCenter Feed, an app store of dashboards, reports, and assets. The report requirements are:

  • SecurityCenter 4.8.1
  • LCE 4.2.2
  • NetFlow EventData