Asymmetric flows monitored in web traffic-fireeye-wMPS
Vendor: fireeye
OS: wMPS
Description:
Indeni checks whether the percentage of asymmetric flows is more than 10%.
Remediation Steps:
A share of 10% or more asymmetric flows may indicate a deployment issue. Users are advised to refer to the FireEye documentation or contact FireEye support for help.
How does this work?
Indeni uses the FireEye NX "show web-analysis stats" CLI command to retrieve the information.
Why is this important?
Web analysis statistics show the statistics for the web traffic that the NX Series appliance monitors in the network. It is critical to identify any deployment issues that can hinder the proper functioning of the deployed NX solution. If the percentage of missing packet flows is greater than 10%, it can indicate a possible deployment issue with the appliance.
Without Indeni how would you find this?
An administrator could log in and manually run the command via the CLI to check the web analysis statistics.
fireeye-nx-show-web-analysis-stats
name: fireeye-nx-show-web-analysis-stats
description: Fetch web analysis statistics information
type: monitoring
monitoring_interval: 5 minute
requires:
  vendor: fireeye
  os.name: wMPS
  privileged-mode: 'true'
comments:
  fireeye-nx-missing-packet-flows:
    why: |
      Web analysis statistics show the statistics for the web traffic that the NX Series appliance monitors in the network.
      It is critical to identify any sizing issues that can hinder the proper functioning of the deployed NX solution. If the percentage of
      missing packet flows is greater than 10%, it can indicate a possible sizing issue with the appliance.
    how: |
      Indeni uses the FireEye NX "show web-analysis stats" CLI command to retrieve the information.
    can-with-snmp: false
    can-with-syslog: false
  fireeye-nx-asymmetric-flows:
    why: |
      Web analysis statistics show the statistics for the web traffic that the NX Series appliance monitors in the network.
      It is critical to identify any deployment issues that can hinder the proper functioning of the deployed NX solution. If the percentage of
      missing packet flows is greater than 10%, it can indicate a possible deployment issue with the appliance.
    how: |
      Indeni uses the FireEye NX "show web-analysis stats" CLI command to retrieve the information.
    can-with-snmp: false
    can-with-syslog: false
steps:
- run:
    type: SSH
    command: show web-analysis stats
  parse:
    type: AWK
    file: show-web-analysis-stats.parser.1.awk
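The check the command definition above performs, as an added example that is not Indeni's parser or the rule's own code: an awk parser over constructed "show web-analysis stats" output computes the share of asymmetric and missing-packet flows and flags anything above the page's 10% threshold. The counter names and layout of the sample output are assumptions; the real appliance output may differ.

```shell
#!/bin/sh
# Constructed sample of "show web-analysis stats" output. The counter names
# and column layout are assumed for this example, not taken from a device.
SAMPLE_STATS='Web analysis statistics
Total flows:            20000
Asymmetric flows:       2400
Missing packet flows:   900'

# Parse the counters with awk (the command definition parses with AWK too)
# and print one line per check: "<metric> <percent> <status>".
# Status is ALERT when the metric exceeds 10% of all flows, matching the
# "greater than 10%" condition the rule description states.
check_web_analysis_stats() {
    awk -v threshold=10 '
        /^Total flows:/           { total   = $NF }
        /^Asymmetric flows:/      { asym    = $NF }
        /^Missing packet flows:/  { missing = $NF }
        END {
            # No flows at all: nothing to compute, report it rather than divide by zero.
            if (total + 0 == 0) { print "no-data"; exit }
            report("asymmetric-flows", asym)
            report("missing-packet-flows", missing)
        }
        function report(name, count,    pct) {
            pct = 100 * count / total
            printf "%s %.1f %s\n", name, pct, (pct > threshold ? "ALERT" : "OK")
        }
    '
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_STATS" | check_web_analysis_stats
```

On a live appliance the same function would be fed the output of the SSH command instead of the constructed sample.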
FireEyeNXAsymmetricFlowsRule
https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/fireeye/nx/FireEyeNXAsymmetricFlowsRule.scala