Cisco Secure Network Analytics User Guide

Nyem rau (Ellipsis) icon rau cov khoom siv thiab xaiv Kho kom raug
Khoom Configuration.
Hauv General tab, scroll rau Cov Kev Pabcuam Sab Nraud thiab tshem tawm
Qhib Kev Ntsuas Kev Ua Haujlwm Zoo rau Cov Neeg Siv Khoom.

Nyem Thov Chaw thiab txuag cov kev hloov pauv raws li tau hais tseg.
Paub meej tias Cov Khoom Siv Hluav Taws Xob rov qab mus rau Txuas rau ntawm Central
Management Inventory tab.

FAQ (Cov lus nug nquag nug)

Kuv yuav ua li cas thiaj paub yog tias Kev Ntsuas Kev Ua Tau Zoo ntawm Cov Neeg Siv Khoom tau qhib?

Cov Neeg Siv Khoom Ua Tau Zoo Metrics tau qhib rau ntawm koj qhov Ruaj Ntseg
Network Analytics khoom siv.

Cov ntaub ntawv dab tsi yog tsim los ntawm Secure Network Analytics?

Secure Network Analytics tsim ib JSON file nrog cov ntaub ntawv metrics
uas yog xa mus rau huab.

“`

View Fullscreen

Cisco Secure Network Analytics
Cov Neeg Siv Khoom Zoo Metrics Configuration Guide 7.5.3

Cov Lus Qhia

Tshajview

Configuring Network Firewall

Configuring tus Manager

Disabling Customer Success Metrics

Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv

Hom kev sau

Metrics Paub meej

Flow Collector

Flow Collector StatsD

Tus thawj tswj

Manager StatsD

UDP Director

Txhua yam khoom siv

Hu rau Support

Hloov keeb kwm

-2-

Tshajview
Tshajview
Cov Neeg Siv Khoom Zoo Metrics tso cai rau Cisco Secure Network Analytics (yav tas los Stealthwatch) cov ntaub ntawv xa mus rau huab kom peb tuaj yeem nkag mus rau cov ntaub ntawv tseem ceeb hais txog kev xa tawm, kev noj qab haus huv, kev ua haujlwm, thiab kev siv koj lub cev.
l Enabled: Cov Kev Ntsuas Kev Ua Tau Zoo ntawm Cov Neeg Siv Khoom tau txais kev tso cai ntawm koj cov khoom siv ruaj ntseg Network Analytics.
l Kev Siv Is Taws Nem: Kev nkag mus hauv Is Taws Nem yog xav tau rau Cov Neeg Siv Khoom Ua Haujlwm Zoo. l Cisco Security Service Txauv: Cisco Security Service Exchange tau qhib
tau nyob rau hauv v7.5.x thiab yuav tsum tau rau Cov Neeg Siv Khoom Kev Ntsuas. l Cov ntaub ntawv Files: Secure Network Analytics tsim ib JSON file nrog cov ntaub ntawv metrics.
Cov ntaub ntawv raug tshem tawm ntawm lub cuab yeej tam sim ntawd tom qab nws xa mus rau huab.
Phau ntawv no suav nrog cov ntaub ntawv hauv qab no:
l Configuring the Firewall: Configure your network firewall kom tso cai rau kev sib txuas lus los ntawm koj cov khoom siv rau huab. Xa mus rau Configuring Network Firewall.
l Disabling Customer Success Metrics: Txhawm rau xaiv tawm ntawm Cov Neeg Siv Khoom Ua Haujlwm Zoo, xa mus rau Disabling Customer Success Metrics.
l Cov Kev Ntsuas Kev Ua Tau Zoo ntawm Cov Neeg Siv Khoom: Yog xav paub meej txog cov kev ntsuas, xa mus rau Cov Neeg Siv Khoom Kev Ntsuas Cov Ntaub Ntawv.
Rau cov ntaub ntawv khaws cia cov ntaub ntawv thiab yuav ua li cas thov tshem tawm cov kev ntsuas kev siv uas tau sau los ntawm Cisco, xa mus rau Cisco Secure Network Analytics Privacy Data Sheet. Yog xav tau kev pab, thov hu rau Cisco Support.

-3-

Configuring Network Firewall
Configuring Network Firewall
Txhawm rau tso cai rau kev sib txuas lus los ntawm koj cov khoom siv rau huab, teeb tsa koj lub network firewall ntawm koj Cisco Secure Network Analytics Manager (yav tas los Stealthwatch Management Console).
Xyuas kom tseeb tias koj cov cuab yeej siv Internet.
Configuring tus Manager
Txhim kho koj lub network firewall kom tso cai rau kev sib txuas lus los ntawm koj Cov Thawj Coj mus rau IP chaw nyob hauv qab no thiab chaw nres nkoj 443:
l api-sse.cisco.com l est.sco.cisco.com l mx*.sse.itd.cisco.com l dex.sse.itd.cisco.com l eventing-ingest.sse.itd.cisco.com
Yog tias pej xeem DNS tsis raug tso cai, nco ntsoov tias koj teeb tsa qhov kev daws teeb meem hauv zos ntawm koj Tus Thawj Tswj.

-4-

Disabling Customer Success Metrics
Disabling Customer Success Metrics
Siv cov lus qhia hauv qab no txhawm rau lov tes taw Kev Ntsuas Kev Ua Haujlwm Zoo ntawm Cov Khoom Siv.
1. Nkag mus rau koj tus Thawj Tswj. 2. Xaiv Configure> Ntiaj teb no> Central Management. 3. Nyem qhov (Ellipsis) icon rau cov khoom siv. Xaiv Edit Appliance
Kev teeb tsa. 4. Nyem qhov General tab. 5. Scroll mus rau seem Kev Pabcuam Sab Nraud. 6. Uncheck lub Enable Customer Success Metrics check box. 7. Nyem Thov Chaw. 8. Ua raws li cov lus qhia ntawm lub vijtsam kom txuag tau koj cov kev hloov pauv. 9. Nyob rau ntawm Central Management Inventory tab, paub meej tias Cov Khoom Siv Hluav Taws Xob rov qab mus rau
Txuas nrog. 10. Txhawm rau lov tes taw Cov Kev Ntsuas Kev Ua Haujlwm Zoo ntawm cov khoom siv, rov ua cov kauj ruam 3 mus txog
9.

-5-

Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv
Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv
Thaum Cov Neeg Siv Khoom Ua Haujlwm Zoo tau qhib, cov ntsuas ntsuas tau sau rau hauv lub kaw lus thiab muab tso rau txhua 24 teev rau huab. Cov ntaub ntawv raug tshem tawm ntawm lub cuab yeej tam sim ntawd tom qab nws xa mus rau huab. Peb tsis sau cov ntaub ntawv qhia tus kheej xws li pab pawg tswv tsev, chaw nyob IP, cov npe siv, lossis tus password.
Rau cov ntaub ntawv khaws cia cov ntaub ntawv thiab yuav ua li cas thov tshem tawm cov kev ntsuas kev siv uas tau sau los ntawm Cisco, xa mus rau Cisco Secure Network Analytics Privacy Data Sheet.
Hom kev sau
Txhua qhov ntsuas tau sau ua ib qho ntawm cov khoom sau hauv qab no:
l App Pib: Ib qho nkag txhua 1 feeb (sau tag nrho cov ntaub ntawv txij li daim ntawv thov pib).
l Kev Tshaj Tawm: Ib qho nkag rau 24-teev sijhawm l Lub Sijhawm: Ib qho nkag txhua 5 feeb (tag nrho ntawm 288 nkag rau 24-teev sijhawm) l Snapshot: Ib qho nkag rau qhov taw tes hauv lub sijhawm cov ntawv tshaj tawm raug tsim tawm
Qee hom kev sau yog sau ntawm ntau zaus ntau dua li qhov peb tau piav qhia ntawm no, lossis lawv yuav raug teeb tsa (nyob ntawm daim ntawv thov). Xa mus rau Metrics Details kom paub ntau ntxiv.
Metrics Paub meej
Peb tau teev cov ntaub ntawv sau los ntawm hom khoom siv. Siv Ctrl + F los tshawb cov ntxhuav los ntawm lo lus tseem ceeb.

-6-

Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv

Flow Collector

Metric Identification Description

devices_cache.active

Tus naj npawb ntawm cov chaw nyob MAC los ntawm ISE hauv cov cuab yeej cache.

Hom kev sau
Snapshot

devices_cache.deleted
devices_cache.dropped
devices_cache.new
flow_stats.fps flow_stats.flows
flow_cache.active
flow_cache.dropped
flow_cache.end
flow_cache.max flow_cache.percentage
flow_cache.started
hosts_cache.cached

Tus naj npawb ntawm MAC chaw nyob uas tau muab tshem tawm los ntawm ISE hauv cov cuab yeej cache vim tias lawv tau teem sijhawm.

Nquag

Tus lej ntawm MAC chaw nyob poob los ntawm ISE vim tias cov cuab yeej cache puv.

Nquag

Tus lej ntawm MAC chaw nyob tshiab los ntawm ISE ntxiv rau hauv cov cuab yeej cache.

Nquag

Outbound flows ib ob nyob rau hauv feeb kawg. Lub sijhawm

Inbound flows ua tiav.

Lub sijhawm

Tus naj npawb ntawm cov nquag ntws hauv Flow Collector flow cache.

Snapshot

Tus naj npawb ntawm ntws poob vim tias Flow Collector flow cache puv.

Nquag

Tus naj npawb ntawm cov ntws tau xaus rau hauv Flow Collector flow cache.

Lub sijhawm

Qhov loj tshaj plaws ntawm Flow Collector flow cache. Lub sijhawm

Feem pua ntawm cov peev txheej ntawm Flow Collector flow cache

Lub sijhawm

Tus naj npawb ntawm cov ntws ntxiv rau Flow Collector flow cache.

Nquag

Tus naj npawb ntawm cov tswv hauv lub host cache.

Lub sijhawm

-7-

Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv

Metric Identification Description

Hom kev sau

hosts_cache.deleted Tus naj npawb ntawm hosts deleted nyob rau hauv lub host cache.

Nquag

hosts_cache.dropped

Tus naj npawb ntawm hosts poob vim tus tswv cache puv.

Nquag

hosts_cache.max

Qhov loj tshaj plaws ntawm tus tswv tsev cache.

Lub sijhawm

hosts_cache.new

Tus naj npawb ntawm cov tswv tshiab ntxiv rau hauv tus tswv tsev cache.

Nquag

hosts_cache.percentage

Feem pua ntawm cov peev txheej ntawm tus tswv cache.

Lub sijhawm

hosts_ cache.probationary_ deleted

Tus naj npawb ntawm probationary hosts * deleted hauv hosts cache.
* Cov tswv tsev raug txiav txim yog cov tswv tsev uas tsis tau yog lub hauv paus ntawm pob ntawv thiab bytes. Cov tswv tsev no raug tshem tawm ua ntej thaum tshem qhov chaw nyob hauv tus tswv tsev cache.

Nquag

interfaces.fps

Outbound tus naj npawb ntawm interface txheeb cais ib ob exported rau Vertica.

Lub sijhawm

security_events_cache.active

Tus naj npawb ntawm cov xwm txheej muaj kev ruaj ntseg hauv cov xwm txheej ruaj ntseg cache.

Snapshot

security_events_cache.dropped

Tus naj npawb ntawm cov xwm txheej kev ruaj ntseg poob vim tias cov xwm txheej ruaj ntseg cache puv.

Nquag

security_events_cache.ended

Tus naj npawb ntawm qhov kawg kev ruaj ntseg txheej xwm nyob rau hauv cov txheej xwm kev ruaj ntseg cache.

Nquag

security_events_cache.inserted

Tus naj npawb ntawm cov txheej xwm kev ruaj ntseg tso rau hauv lub rooj database.

Lub sijhawm

security_events_cache.max

Qhov loj tshaj plaws ntawm cov txheej xwm kev ruaj ntseg cache.

Lub sijhawm

-8-

Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv

Metric Identification Description

Hom kev sau

security_events_ cache.percentage

Feem pua ntawm cov peev txheej ntawm cov xwm txheej ruaj ntseg cache.

Lub sijhawm

security_events_cache.started

Tus naj npawb ntawm cov txheej xwm kev ruaj ntseg tau pib hauv cov xwm txheej ruaj ntseg cache.

Nquag

session_cache.active

Tus naj npawb ntawm cov ntu nquag los ntawm ISE hauv qhov kev sib tham cache.

Snapshot

session_cache.deleted

Tus naj npawb ntawm cov kev tshem tawm los ntawm ISE hauv kev sib kho cache.

Nquag

session_cache.dropped

Tus naj npawb ntawm kev sib tham los ntawm ISE poob vim qhov kev sib tham cache puv.

Nquag

session_cache.new

Tus naj npawb ntawm ntu tshiab los ntawm ISE ntxiv rau hauv qhov kev sib tham cache.

Nquag

users_cache.active

Tus naj npawb ntawm cov neeg siv nquag hauv cov neeg siv cache.

Snapshot

user_cache.deleted

Tus naj npawb ntawm cov neeg siv deleted hauv cov neeg siv cache vim tias lawv tau teem sijhawm.

Nquag

users_cache.dropped

Tus naj npawb ntawm cov neeg siv poob vim tias cov neeg siv cache puv.

Nquag

users_cache.new

Tus naj npawb ntawm cov neeg siv tshiab hauv cov neeg siv cache.

Nquag

reset_hour

Flow Collector pib dua teev.

N/A

verica_stats.query_ duration_sec_max

Lub sij hawm teb lus nug siab tshaj plaws.

Nquag

verica_stats.query_ duration_sec_min

Lub sij hawm teb lus nug tsawg kawg.

Nquag

verica_stats.query_ duration_sec_avg

Qhov nruab nrab cov lus nug teb lub sij hawm.

Nquag

-9-

Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv

Metric Identification Description

exporters.fc_ suav

Tus naj npawb ntawm exporters ib Flow Collector.

Hom kev sau
Lub sijhawm

Flow Collector StatsD

Metric Identification Description

ndragent.unprocessable_ nrhiav

Tus naj npawb ntawm NDR kev tshawb pom pom tias tsis tuaj yeem ua tiav.

ndr-agent.ownership_ register_failed

Kev nthuav dav: Tus naj npawb ntawm qee yam yuam kev uas tshwm sim thaum NDR nrhiav kev ua haujlwm.

ndr-agent.upload_ ua tiav

Tus naj npawb ntawm NDR kev tshawb pom tau ua tiav los ntawm tus neeg sawv cev.

ndr-agent.upload_ tsis ua hauj lwm

Tus naj npawb ntawm NDR kev tshawb pom tsis ua tiav los ntawm tus neeg sawv cev.

ndr-agent.processing_ Tus naj npawb ntawm kev ua tsis tiav tau pom thaum NDR

ua tsis tiav

ua.

ndr-agent.processing_ Tus naj npawb ntawm kev ua tiav NDR

kev vam meej

kev tshawb pom.

ndr-agent.old_ ibfile_ rho tawm

Tus naj npawb ntawm files deleted vim laus dhau lawm.

ndr-agent.old_ register_delete

Tus naj npawb ntawm cov tswv cuab tso npe raug tshem tawm vim yog laus dhau lawm.

Hom kev sau
Cumulative cleared txhua hnub
Cumulative cleared txhua hnub
Cumulative cleared txhua hnub
Cumulative cleared txhua hnub
Cumulative cleared txhua hnub
Cumulative cleared txhua hnub
Cumulative cleared txhua hnub
Cumulative cleared txhua hnub

— 10 —

Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv

Metric Identification netflow fs_netflow netflow_bytes fs_netflow_bytes sflow sflow_bytes nvm_endpoint nvm_bytes nvm_netflow
tag nrho_sal_event all_sal_bytes

Kev piav qhia

Hom kev sau

Tag nrho NetFlow cov ntaub ntawv los ntawm txhua tus Netflow exporters. suav nrog NVM cov ntaub ntawv.

Cumulative cleared txhua hnub

Netflow cov ntaub ntawv tau txais los ntawm Flow Sensors nkaus xwb.

Cumulative cleared txhua hnub

Tag nrho NetFlow bytes tau txais los ntawm ib qho NetFlow exporter. suav nrog NVM cov ntaub ntawv.

Cumulative cleared txhua hnub

NetFlow bytes tau txais los ntawm Flow Sensors nkaus xwb.

Cumulative cleared txhua hnub

sFlow cov ntaub ntawv tau txais los ntawm ib qho sFlow exporter.

Cumulative cleared txhua hnub

sFlow bytes tau txais los ntawm ib qho sFlow exporter.

Cumulative cleared txhua hnub

Cim NVM qhov kawg pom hnub no (ua ntej txhua hnub rov pib dua).

Cumulative cleared txhua hnub

NVM bytes tau txais (nrog rau kev ntws, qhov kawg, Kev Sau

thiab endpoint_interface cov ntaub ntawv).

tshem tawm txhua hnub

NVM bytes tau txais (nrog rau kev ntws, qhov kawg, Kev Sau

thiab endpoint_interface cov ntaub ntawv).

tshem tawm txhua hnub

Txhua qhov Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) cov xwm txheej tau txais (nrog rau Adaptive Security Appliance thiab non-Adaptive Security Appliance), suav los ntawm cov xwm txheej tau txais.

Cumulative cleared txhua hnub

Tag nrho Kev Ruaj Ntseg Kev Tshawb Fawb thiab Kev Sau Npe (OnPrem) Sau

— 11 —

Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv

Metric Identification
ftd_sal_event ftd_sal_bytes ftd_lina_bytes ftd_lina_event asa_asa_event asa_asa_bytes
Tus thawj tswj

Kev piav qhia

Hom kev sau

Cov xwm txheej tau txais (nrog rau Adaptive Security Appliance thiab non-Adaptive Security Appliance, suav los ntawm tus lej ntawm bytes tau txais.

tshem tawm txhua hnub

Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) (tsis yog Adaptive Security Appliance) cov xwm txheej tau txais los ntawm Firepower Threat Defense / NGIPS cov khoom siv nkaus xwb.

Cumulative cleared txhua hnub

Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Tso Npe (OnPrem) (tsis yog Adaptive Security Appliance) bytes tau txais los ntawm Firepower Threat Defense / NGIPS cov khoom siv nkaus xwb.

Cumulative cleared txhua hnub

Cov ntaub ntawv dav hlau bytes tau txais los ntawm Firepower Threat Defense li nkaus xwb.

Cumulative cleared txhua hnub

Cov xwm txheej dav hlau tau txais los ntawm Firepower Threat Defense cov cuab yeej nkaus xwb.

Cumulative cleared txhua hnub

Adaptive Security Appliance events tau txais los ntawm Adaptive Security Appliance li xwb.

Cumulative cleared txhua hnub

ASA bytes tau txais los ntawm Adaptive Security Appliance li xwb.

Cumulative cleared txhua hnub

Metric Identification Description

exporter_cleaner_ tu_enabled

Qhia seb qhov Inactive Interfaces thiab Exporters Cleaner puas tau qhib.

Hom kev sau
Snapshot

— 12 —

Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv

Metric Identification Description

Hom kev sau

exporter_cleaner_inactive_threshold

Tus naj npawb ntawm cov sij hawm xa tawm tuaj yeem ua tsis tau ua ntej nws raug tshem tawm.

Snapshot

exporter_cleaner_

Qhia seb tus Cleaner yuav tsum siv cov

siv_legacy_cleaner legacy tu functionality.

Snapshot

exporter_cleaner_ teev_after_reset

Tus naj npawb ntawm cov xuab moos tom qab rov pib dua uas lub npe yuav tsum tau muab ntxuav.

Snapshot

exporter_cleaner_interface_without_ status_presumed_ stale

Qhia seb tus Cleaner tshem tawm cov kev cuam tshuam uas tsis paub rau Flow Collector ntawm lub sijhawm rov pib dua zaum kawg, ua rau lawv tsis ua haujlwm.

Snapshot

ndrcoordinator.files_ uploaded

Qhia seb Secure Network Analytics xa mus ua haujlwm li Data Store.

Snapshot

report_ua tiav

Lub npe ntawm daim ntawv tshaj tawm thiab lub sijhawm khiav hauv milliseconds (Tus Thawj Tswj nkaus xwb).

N/A

report_params

Cov ntxaij lim dej siv thaum tus Thawj Tswj queries Flow Collector databases.
Cov ntaub ntawv exported rau ib nqe lus nug:
l cov kab ntau tshaj plaws l suav nrog-interface-cov ntaub ntawv chij l ceev-nug chij l cais- suav chij l ntws kev taw qhia cov lim dej l xaj-los ntawm kab l default-columns chij l Lub sijhawm lub qhov rais pib hnub tim thiab lub sijhawm l Lub Sijhawm qhov rai kawg hnub tim thiab lub sijhawm l Tus naj npawb ntawm cov cuab yeej ids cov txheej txheem l Tus naj npawb ntawm interface ids cov txheej txheem

Snapshot
Zaus: Ib Thov

— 13 —

Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv

Metric Identification Description

Hom kev sau

l Cov txheej txheem IPs
l Tus naj npawb ntawm cov txheej txheem IP
l Cov txheej txheem hostgroups
l Tus naj npawb ntawm cov tswv tsev ua khub
l Txawm tias cov txiaj ntsig raug lim los ntawm MAC chaw nyob
l Txawm tias cov txiaj ntsig raug lim los ntawm TCP/UDP chaw nres nkoj
l Tus naj npawb ntawm cov npe siv cov txheej txheem
l Seb cov txiaj ntsig tau lim los ntawm tus lej ntawm bytes / pob ntawv
l Txawm tias cov txiaj ntsig raug lim los ntawm tag nrho cov lej ntawm bytes / pob ntawv
l Seb cov txiaj ntsig tau lim los ntawm URL
l Seb cov txiaj ntsig raug lim los ntawm cov txheej txheem
l Txawm tias cov txiaj ntsig raug lim los ntawm daim ntawv thov ids
l Seb cov txiaj ntsig raug lim los ntawm cov txheej txheem npe
l Seb cov txiaj ntsig raug lim los ntawm cov txheej txheem hash
l Txawm tias cov txiaj ntsig raug lim los ntawm TLS version
l Tus naj npawb ntawm cov ciphers hauv cov txheej txheem cipher suite

domain.integration_ad_count

Tus naj npawb ntawm AD kev sib txuas.

Nquag

domain.rpe_ suav

Tus naj npawb ntawm lub luag haujlwm txoj cai tau teeb tsa.

Nquag

domain.hg_changes_ suav

Hloov pauv rau Host Group configuration.

Nquag

— 14 —

Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv

Metric Identification Description

Hom kev sau

integration_snmp

Kev siv SNMP tus neeg sawv cev.

N/A

integration_cognitive

Kev ceeb toom kev hem thawj thoob ntiaj teb (yav tas los Kev Txawj Ntse) kev koom ua ke tau qhib.

N/A

domain.kev pabcuam

Tus naj npawb ntawm cov kev pabcuam tau teev tseg.

Snapshot

applications_default_ suav

Tus naj npawb ntawm daim ntawv thov tau teev tseg.

Snapshot

smc_users_ suav

Tus naj npawb ntawm cov neeg siv hauv Web App.

Snapshot

login_api_ suav

Tus lej API nkag.

Nquag

login_ui_ suav

Tus naj npawb ntawm Web App log ins.

Nquag

report_concurrency Tus naj npawb ntawm cov ntawv ceeb toom khiav ib txhij.

Nquag

apicall_ui_ suav

Number of Manager API hu siv lub Web App.

Nquag

apicall_api_ suav

Tus naj npawb ntawm Tus Thawj Tswj API hu siv API.

Nquag

ua ctr

Cisco SecureX hem teb (yav tas los Cisco Threat Response) kev koom ua ke tau qhib.

N/A

ctr.alarm_sender_ enabled

Ruaj Ntseg Network Analytics ceeb toom rau SecureX hem cov lus teb tau qhib.

N/A

ctr.alarm_sender_ minimal_severity

Tsawg heev ntawm lub tswb xa mus rau SecureX hem cov lus teb.

N/A

ctr.enrichment_ enabled

Enrichment thov los ntawm SecureX kev hem thawj teb tau qhib.

N/A

ctr.enrichment_limit

Tus naj npawb ntawm Cov Txheej Txheem Kev Ruaj Ntseg saum toj kawg nkaus yuav raug xa rov qab mus rau SecureX hem cov lus teb.

Nquag

— 15 —

Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv

Metric Identification Description

Hom kev sau

ctr.enrichment_period

Lub sij hawm rau Cov Txheej Txheem Kev Ruaj Ntseg yuav raug xa rov qab rau SecureX hem cov lus teb.

Nquag

ctr.number_of_enrichment_requests

Tus naj npawb ntawm kev thov ntxiv tau txais los ntawm SecureX hem cov lus teb.

Nquag

ctr.number_of_refer_ Tus naj npawb ntawm kev thov rau Tus Thawj Coj pivot txuas

thov

tau txais los ntawm SecureX hem cov lus teb.

Nquag

ctr.xdr_number_of_ tswb

Txhua hnub suav ntawm lub tswb xa mus rau XDR.

Nquag

ctr.xdr_number_of_ ceeb toom

Txhua hnub suav ntawm kev ceeb toom xa mus rau XDR.

Nquag

ctr.xdr_sender_ enabled

Tseeb/False yog tias xa tau qhib.

Snapshot

failover_role

Tus thawj tswj thawj lossis thib ob lub luag haujlwm tsis ua haujlwm hauv pawg.

N/A

domain.cse_ suav

Tus naj npawb ntawm cov xwm txheej kev ruaj ntseg rau tus sau ID.

Snapshot

Manager StatsD

Metric Identification

Kev piav qhia

Hom kev sau

ndrcoordinator.analytics_ enabled

Marks seb Analytics puas tau qhib. 1 yog, 0 yog tsis yog.

Snapshot

ndrcoordinator.agents_ hu rau

Tus naj npawb ntawm NDR tus neeg sawv cev hu rau thaum lub sijhawm sib cuag kawg.

Snapshot

ndrcoordinator.processing_ Tus naj npawb ntawm qhov yuam kev thaum nrhiav NDR

yuam kev

ua.

Nquag

— 16 —

Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv

Metric Identification

Kev piav qhia

Hom kev sau

ndrcoordinator.files_ uploaded

Tus naj npawb ntawm NDR cov kev tshawb pom uploaded rau kev ua.

Nquag

ndrevents.processing_errors

Tus naj npawb ntawm files ua tsis tiav vim lub kaw lus tsis xa cov kev tshawb nrhiav lossis tsis tuaj yeem txheeb xyuas qhov kev thov.

Nquag

ndrevents.files_uploaded ua

Tus naj npawb ntawm files uas tau xa mus rau NDR cov xwm txheej rau kev ua haujlwm.

Nquag

sna_swing_neeg_alive

Sab hauv txee ntawm API hu siv los ntawm SNA Manager Desktop tus neeg siv khoom.

Snapshot

swrm_is_in_use

Response Management: Tus nqi yog 1 yog siv Kev Tswj Xyuas Teb. Tus nqi yog 0 yog tias nws tsis siv.

Snapshot

swb_rules

Kev Tswj Xyuas Teb: Tus naj npawb ntawm cov cai kev cai.

Snapshot

swrm_action_email

Kev Tswj Xyuas Teb: Tus naj npawb ntawm cov kev cai ua ntawm Email hom.

Snapshot

swrm_action_syslog_ lus

Kev Tswj Xyuas Teb: Tus naj npawb ntawm kev cai ua ntawm Syslog Message hom.

Snapshot

swrm_action_snmp_trap

Kev Tswj Xyuas Teb: Tus naj npawb ntawm cov kev cai ua ntawm SNMP Trap hom.

Snapshot

swrm_action_ise_anc

Kev Tswj Xyuas Teb: Tus naj npawb ntawm cov kev cai ua ntawm ISE ANC Txoj Cai Hom.

Snapshot

swb_action_webnuv

Kev Tswj Xyuas Teb: Tus naj npawb ntawm cov kev cai ua ntawm Webnuv hom.

Snapshot

swrm_action_ctr

Response Management: Tus naj npawb ntawm cov kev cai ua ntawm kev hem thawj teb yam xwm txheej.

Snapshot

— 17 —

Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv

Metric Identification va_ct va_ce va_hcs va_ss va_ses sal_input_size sal_completed_size
sal_flush_time
sal_batches_succeeded

Kev piav qhia

Hom kev sau

Kev Soj Ntsuam Pom Pom: suav cov sijhawm ua haujlwm hauv milliseconds.

Snapshot

Kev Soj Ntsuam Pom Pom: Tus naj npawb ntawm qhov yuam kev (thaum xam phaj poob).

Snapshot

Kev ntsuam xyuas pom pom: Tus tswv suav suav API cov lus teb loj hauv bytes (nrhiav cov lus teb ntau dhau).

Snapshot

Kev ntsuam xyuas pom pom: Scanners API cov lus teb loj hauv bytes (nrhiav cov lus teb ntau dhau).

Snapshot

Kev Soj Ntsuam Pom Pom: Cov Txheej Txheem Kev Ruaj Ntseg API cov lus teb loj hauv bytes (nrhiav cov lus teb ntau dhau).

Snapshot

Tus naj npawb ntawm cov khoom nkag hauv cov raj xa dej nkag.

Snapshot
Zaus: 1 feeb

Tus naj npawb ntawm cov ntawv nkag hauv qhov ua tiav batch queue.

Snapshot
Zaus: 1 feeb

Tus nqi ntawm lub sij hawm hauv milliseconds txij li lub kav dej kawg.
Muaj nrog Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) Ib leeg xwb.

Snapshot
Zaus: 1 feeb

Tus naj npawb ntawm cov batch tau sau ua tiav rau file.
Muaj nrog Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) Ib leeg xwb.

Lub sijhawm
Zaus: 1 feeb

— 18 —

Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv

Metric Identification sal_batches_processed sal_batches_failed sal_files_moved sal_files_failed sal_files_discarded sal_rows_written sal_rows_processed sal_rows_failed

Kev piav qhia

Hom kev sau

Tus naj npawb ntawm cov khoom uas tau ua tiav. Lub sijhawm

Muaj nrog Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) Ib leeg xwb.

Zaus: 1 feeb

Tus naj npawb ntawm cov batch uas ua tsis tiav sau ntawv mus rau file.
Muaj nrog Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) Ib leeg xwb.

Lub sijhawm
Zaus: 1 feeb

Tus naj npawb ntawm files tsiv mus rau qhov npaj txhij.
Muaj nrog Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) Ib leeg xwb.

Lub sijhawm
Zaus: 1 feeb

Tus naj npawb ntawm files uas tau ua tsis tau tejyam txav.
Muaj nrog Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) Ib leeg xwb.

Lub sijhawm
Zaus: 1 feeb

Tus naj npawb ntawm files muab pov tseg vim yuam kev.
Muaj nrog Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) Ib leeg xwb.

Lub sijhawm
Zaus: 1 feeb

Tus naj npawb ntawm kab sau rau qhov hais txog file.
Muaj nrog Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) Ib leeg xwb.

Lub sijhawm
Zaus: 1 feeb

Tus naj npawb ntawm kab uas tau ua tiav.
Muaj nrog Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) Ib leeg xwb.

Lub sijhawm
Zaus: 1 feeb

Tus naj npawb ntawm kab uas sau tsis tau. Lub sijhawm

Muaj nrog Security Analytics thiab

Ntau zaus:

— 19 —

Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv

Metric Identification
sal_total_batches_ ua tiav sal_total_batches_ ua tiav sal_total_batches_failed
sal_tag nrho_files_moved
sal_tag nrho_files_ ua tsis tiav
sal_tag nrho_files_discarded sal_total_rows_written

Kev piav qhia

Hom kev sau

Logging (OnPrem) Ib leeg-node nkaus xwb.

1 feeb

Tag nrho cov naj npawb ntawm batch ntse sau rau lub file.
Muaj nrog Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) Ib leeg xwb.

App Pib
Zaus: 1 feeb

Tag nrho cov batch uas tau ua tiav.
Muaj nrog Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) Ib leeg xwb.

App Pib
Zaus: 1 feeb

Tag nrho cov naj npawb ntawm files uas tau ua tsis tiav sau ntawv mus rau lub file.
Muaj nrog Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) Ib leeg xwb.

App Pib
Zaus: 1 feeb

Tag nrho cov naj npawb ntawm files tsiv mus rau qhov npaj txhij.
Muaj nrog Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) Ib leeg xwb.

App Pib
Zaus: 1 feeb

Tag nrho cov naj npawb ntawm files uas tau ua tsis tau tejyam txav.
Muaj nrog Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) Ib leeg xwb.

App Pib
Zaus: 1 feeb

Tag nrho cov naj npawb ntawm files muab pov tseg vim yuam kev.
Muaj nrog Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) Ib leeg xwb.

App Pib
Zaus: 1 feeb

Tag nrho cov naj npawb ntawm kab sau rau qhov hais txog file.
Muaj nrog Security Analytics thiab

App Pib
Zaus: 1 feeb

— 20 —

Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv

Metric Identification
sal_total_rows_processed
sal_total_rows_failed sal_transformer_ sal_bytes_per_event sal_bytes_received sal_events_received sal_total_events_received sal_events_dropped

Kev piav qhia

Hom kev sau

Logging (OnPrem) Ib leeg-node nkaus xwb.

Tag nrho cov kab uas tau ua tiav.
Muaj nrog Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) Ib leeg xwb.

App Pib
Zaus: 1 feeb

Tag nrho cov kab uas sau tsis tau.
Muaj nrog Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) Ib leeg xwb.

App Pib
Zaus: 1 feeb

Tus naj npawb ntawm transformation yuam kev nyob rau hauv no transformer.
Muaj nrog Kev Tshawb Fawb Kev Ruaj Ntseg thiab Kev Sau Npe (OnPrem) Ib leeg xwb.

Lub sijhawm
Zaus: 1 feeb

Qhov nruab nrab tus naj npawb ntawm bytes ib qhov kev tshwm sim tau txais.

Lub sijhawm
Zaus: 1 feeb

Tus naj npawb ntawm bytes tau txais los ntawm UDP server.

Lub sijhawm
Zaus: 1 feeb

Tus naj npawb ntawm cov xwm txheej tau txais los ntawm UDP server.

Lub sijhawm
Zaus: 1 feeb

Tag nrho cov xwm txheej tau txais los ntawm router.

App Pib

Tus naj npawb ntawm cov xwm txheej uas tsis tuaj yeem sib piv tau poob.

Lub sijhawm
Zaus: 1 feeb

— 21 —

Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv

Metric Identification sal_total_events_dropped sal_events_ignored sal_total_events_ignored sal_receive_queue_size sal_events_per thib ob sal_bytes_per_second sna_trustsec_report_runs
UDP Director

Kev piav qhia

Hom kev sau

Tag nrho tus naj npawb ntawm cov xwm txheej tsis tuaj yeem sib piv tau poob.

App Pib
Zaus: 1 feeb

Tus naj npawb ntawm ignored/unsupported txheej xwm.

Lub sijhawm
Zaus: 1 feeb

Tag nrho tus naj npawb ntawm cov xwm txheej tsis quav ntsej / tsis txhawb nqa.

App Pib
Zaus: 1 feeb

Tus naj npawb ntawm cov xwm txheej hauv qhov tau txais queue.

Snapshot
Zaus: 1 feeb

Ingest rate (tseem ceeb ib ob).

Lub sijhawm
Zaus: 1 feeb

Ingest tus nqi (bytes ib ob).

Lub sijhawm
Zaus: 1 feeb

Tus naj npawb ntawm TrustSec daim ntawv thov txhua hnub.

Nquag

Metric Identification Description

qhov chaw_ suav

Tus naj npawb ntawm qhov chaw.

Hom kev sau
Snapshot

— 22 —

Cov Neeg Siv Khoom Ua Tau Zoo Metric Cov Ntaub Ntawv

Metric Identification Description

rules_count packets_unmatched packets_dropped

Tus lej ntawm txoj cai. Cov pob ntawv siab tshaj plaws uas tsis sib xws. Poob pob ntawv eth0.

Sau hom Snapshot Snapshot Snapshot

Txhua yam khoom siv

Metric Identification Description

Hom kev sau

platform

Kho vajtse platform (piv txwv li: Dell 13G, KVM Virtual Platform).

N/A

xwm txheej

Serial tooj ntawm cov khoom siv.

N/A

version

Ruaj Ntseg Network Analytics tus lej version (piv txwv li: 7.1.0).

N/A

version_build

Tsim tus lej (piv txwv li: 2018.07.16.2249-0).

N/A

version_patch

Patch naj npawb.

N/A

csm_version

Cov Neeg Siv Khoom Ua Tau Zoo Metrics code version (piv txwv li: 1.0.24-SNAPSHOT).

N/A

power_supply.status

Tus Thawj Tswj thiab Flow Collector zog muab cov txheeb cais.

Snapshot

ProductInstanceName Smart Licensing Product identifier.

N/A

— 23 —

Hu rau Support
Hu rau Support
Yog tias koj xav tau kev pab txhawb nqa, thov ua ib qho hauv qab no: l Hu rau koj tus neeg koom tes Cisco hauv zos l Hu rau Cisco Support l Txhawm rau qhib rooj plaub los ntawm web: http://www.cisco.com/c/en/us/support/index.html l Rau xov tooj txhawb: 1-800-553-2447 Ib (Tebchaws Asmeskas) l Rau cov lej txhawb thoob ntiaj teb: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

— 24 —

Hloov keeb kwm

Cov ntaub ntawv Version 1_0

Tshaj tawm Hnub Tim 18 Lub Yim Hli 2025

Hloov keeb kwm
Nqe lus piav qhia pib Version.

— 25 —

Copyright Information
Cisco thiab Cisco logo yog cov cim lag luam lossis cov cim lag luam ntawm Cisco thiab / lossis nws cov koom tes hauv Asmeskas thiab lwm lub tebchaws. Rau view ib daim ntawv teev npe ntawm Cisco trademarks, mus rau qhov no URL: https://www.cisco.com/go/trademarks. Cov khoom lag luam thib peb tau hais tseg yog cov cuab yeej ntawm lawv cov tswv. Kev siv lo lus tus khub tsis hais txog kev sib koom tes ntawm Cisco thiab lwm lub tuam txhab. (1721R)
© 2025 Cisco Systems, Inc. thiab/los yog nws cov koom tes. Txhua txoj cai.

Cov ntaub ntawv / Cov ntaub ntawv

Cisco Secure Network Analytics [ua pdf] Cov neeg siv phau ntawv qhia
v7.5.3, ruaj ntseg Network Analytics, ruaj ntseg Network Analytics, Network Analytics, Analytics

Cov ntaub ntawv

Cov neeg siv phau ntawv

Cisco Secure Network Analytics User Guide

Ruaj Ntseg Network Analytics

Cov ntaub ntawv khoom

Specifications:

Cov lus qhia siv khoom

Configuring Network Firewall:

Configuring tus Manager:

Disabling Customer Success Metrics:

FAQ (Cov lus nug nquag nug)

Kuv yuav ua li cas thiaj paub yog tias Kev Ntsuas Kev Ua Tau Zoo ntawm Cov Neeg Siv Khoom tau qhib?

Cov ntaub ntawv dab tsi yog tsim los ntawm Secure Network Analytics?

Cov ntaub ntawv / Cov ntaub ntawv

Cov ntaub ntawv

Cia ib saib

Ncua tseg teb