Asymmetric flows monitored in web traffic-fireeye-wMPS

Vendor: fireeye

OS: wMPS

Description:
Indeni checks if the percentage of asymmetric flows is more than 10%

Remediation Steps:
10% or greater of asymmetric flows could possibly mean a deployment issue. Users are advised to refer to FireEye documentation or contact support for help.

How does this work?
Indeni uses the FireEye NX "show web-analysis stats" CLI command to retrieve the statistics.

Why is this important?
Web analysis statistics display the statistics for the web traffic that the NX Series appliance monitors in the network. It is critical to identify any deployment issues that can hinder proper functioning of the deployed NX solution. If the percentage value of missing packet flows is greater than 10%, it can indicate a possible deployment issue with the appliance.

Without Indeni how would you find this?
An administrator could log in and manually run the command via the CLI to check the web-analysis statistics.

fireeye-nx-show-web-analysis-stats

name: fireeye-nx-show-web-analysis-stats
description: Fetch web analysis statistics information
type: monitoring
monitoring_interval: 5 minute
requires:
    vendor: fireeye
    os.name: wMPS
    privileged-mode: 'true'
comments:
    fireeye-nx-missing-packet-flows:
        why: |
            Web analysis statistics displays the statistics based on the Web traffic that the NX Series appliance monitors in the network.
            It is critical to identify any sizing issues that can hinder proper functioning of the deployed NX solution. If the percentage value of
            missing packet flows is greater than 10% it can indicate a possible sizing issue of the appliance.
        how: |
            Indeni uses the FireEye NX "show web-analysis stats" CLI command to retrieve the statistics.
        without-indeni: |
            An administrator could log in and manually run the command via the CLI to check the web-analysis statistics.
        can-with-snmp: false
        can-with-syslog: false
    fireeye-nx-asymmetric-flows:
        why: |
            Web analysis statistics displays the statistics based on the Web traffic that the NX Series appliance monitors in the network.
            It is critical to identify any deployment issues that can hinder proper functioning of the deployed NX solution. If the percentage value of
            missing packet flows is greater than 10% it can indicate a possible deployment issue of the appliance.
        how: |
            Indeni uses the FireEye NX "show web-analysis stats" CLI command to retrieve the statistics.
        without-indeni: |
            An administrator could log in and manually run the command via the CLI to check the web-analysis statistics.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: show web-analysis stats
    parse:
        type: AWK
        file: show-web-analysis-stats.parser.1.awk

FireEyeNXAsymmetricFlowsRule

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package templatebased.fireeye.nx

import com.indeni.server.rules.library.templates.NumericThresholdOnDoubleMetricTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity
import com.indeni.server.rules.ThresholdDirection

/**
  * Raises a WARN alert when the fireeye-nx-asymmetric-flows metric (the percentage of
  * asymmetric flows seen in monitored web traffic) rises above the 10.0 threshold.
  */
case class FireEyeNXAsymmetricFlowsRule() extends NumericThresholdOnDoubleMetricTemplateRule(
  ruleName = "FireEyeNXAsymmetricFlowsRule",
  ruleFriendlyName = "FireEye NX Devices: Asymmetric flows monitored in web traffic",
  ruleDescription = "Indeni checks if the percentage of asymmetric flows is more than 10%",
  severity = AlertSeverity.WARN,
  metricName = "fireeye-nx-asymmetric-flows",
  threshold = 10.0,
  thresholdDirection = ThresholdDirection.ABOVE,
  alertDescriptionFormat = "Percentage of asymmetric flows monitored in web traffic by FireEye NX has reached %.0f%%.",
  baseRemediationText = """10% or greater of asymmetric flows could possibly mean a deployment issue. Users are advised to refer to FireEye documentation or contact support for help.""")()
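As an added example (not Indeni's own parser or rule, neither of which is reproduced on this page), the script below mirrors the pipeline: an awk parser in the spirit of the AWK parse step, run over constructed "show web-analysis stats" output, followed by the rule's above-10.0 threshold check. The output layout and field names are assumptions, since the real command output is not shown here.

```shell
#!/bin/sh
# Constructed sample output. The real "show web-analysis stats" layout is not
# shown on this page, so the line labels below are assumptions.
SAMPLE_STATS='Web analysis statistics
Total flows:          20000
Asymmetric flows:      2500
Missing packet flows:   900'

# Parse the stats text and print the asymmetric-flow percentage (one decimal).
asymmetric_pct() {
  printf '%s\n' "$1" | awk -F: '
    /^Total flows/      { total = $2 + 0 }   # leading spaces are stripped by +0
    /^Asymmetric flows/ { asym  = $2 + 0 }
    END {
      # An idle appliance reports zero flows; avoid dividing by zero.
      if (total == 0) { print "0.0"; exit }
      printf "%.1f\n", asym * 100 / total
    }'
}

# Mirror FireEyeNXAsymmetricFlowsRule: threshold 10.0, direction ABOVE
# (strictly greater). Returns 1 when an alert would be raised, 0 otherwise.
check_asymmetric_flows() {
  _pct=$(asymmetric_pct "$1")
  if awk -v p="$_pct" 'BEGIN { exit !(p > 10.0) }'; then
    echo "ALERT: Percentage of asymmetric flows monitored in web traffic by FireEye NX has reached ${_pct}%."
    return 1
  fi
  echo "OK: asymmetric flows at ${_pct}%"
  return 0
}

check_asymmetric_flows "$SAMPLE_STATS"
```

Note the boundary: ThresholdDirection.ABOVE fires only when the value exceeds 10.0, so a reading of exactly 10% produces no alert even though the remediation text says "10% or greater".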