Applies to Product:

USM Appliance™

AlienVault OSSIM®

You are able to configure USM Appliance All-In-One to create events when anomalous bandwidth usage is detected in NetFlow data. NetFlow events are displayed under the Event Name AlienVault-NetFlow. NetFlow Event tracking is only available if the NetFlow is enabled and the av-nf-alert plugin is enabled at a Sensor level. To enable the NetFlow, see also: Enabling NetFlow Collection from an Existing USM Appliance Sensor (Method 1) . To learn more about enabling plugins at the Sensor level, see Enable Plugins from the Sensor Configuration.

To enable events for NetFlow

1. Go to Configuration > Administration.

2. Select the Main tab and click to expand the NetFlow section.

3. Fill in the threshold values for the NetFlow event settings to designate the bandwidth usage that will trigger an event for an asset. The threshold's maximum and minimum values will apply to all assets on the sensor. A value of 0 in any of the fields will result in no event generation for the option in that field.

   Actual Netflow threshold values will depend on your individual settings and needs.

   

4. Once the desired NetFlow event settings are completed, click the Update Configuration button at the top of the page to save your changes.