Missing packet flows monitored in web traffic-fireeye-wMPS

Missing packet flows monitored in web traffic-fireeye-wMPS

Vendor: fireeye

OS: wMPS

Description:
Indeni checks if the percentage of missing packet flows is more than 10%

Remediation Steps:
10% or greater of missing packet flows could possibly mean a sizing issue. Users are advised to refer to FireEye documentation or contact support for help.

How does this work?
Indeni uses the FireEye NX “show web-anslysis stats” cli command to retrieve the blat information.

Why is this important?
Web analysis statistics displays the statistics based on the Web traffic that the NX Series appliance monitors in the network. It is critical to identify any sizing issues that can hinder proper functioning of the deployed NX solution. If the percentage value of missing packet flows is greater than 10% it can indicate a possible sizing issue of the appliance.

Without Indeni how would you find this?
An administrator could login and manually run the command via CLI to check the web-analysis statistics.

fireeye-nx-show-web-analysis-stats

name: fireeye-nx-show-web-analysis-stats
description: Fetch web analysis statistics information
type: monitoring
monitoring_interval: 5 minute
requires:
    vendor: fireeye
    os.name: wMPS
    privileged-mode: 'true'
comments:
    fireeye-nx-missing-packet-flows:
        why: |
            Web analysis statistics displays the statistics based on the Web traffic that the NX Series appliance monitors in the network.
            It is critical to identify any sizing issues that can hinder proper functioning of the deployed NX solution. If the percentage value of
            missing packet flows is greater than 10% it can indicate a possible sizing issue of the appliance.
        how: |
            Indeni uses the FireEye NX "show web-anslysis stats" cli command to retrieve the blat information.
        can-with-snmp: false
        can-with-syslog: false
    fireeye-nx-asymmetric-flows:
        why: |
            Web analysis statistics displays the statistics based on the Web traffic that the NX Series appliance monitors in the network.
            It is critical to identify any deployment issues that can hinder proper functioning of the deployed NX solution. If the percentage value of
            missing packet flows is greater than 10% it can indicate a possible deployment issue of the appliance.
        how: |
            Indeni uses the FireEye NX "show web-anslysis stats" cli command to retrieve the blat information.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: show web-analysis stats
    parse:
        type: AWK
        file: show-web-analysis-stats.parser.1.awk

FireEyeNXMissingPacketFlowsRule

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/fireeye/nx/FireEyeNXMissingPacketFlowsRule.scala