Cisco Secure Network Analytics User Guide

Cofa i (Ellipsis) icon yesixhobo kwaye ukhethe Hlela
Ulungelelwaniso lweSixhobo.
Kwi-General thebhu, skrolela kwiiNkonzo zaNgaphandle kwaye ungakhangeli
Nika amandla iMetrics zeMpumelelo yoMthengi.

Cofa Faka useto kwaye ugcine utshintsho njengoko uyalelwe.
Qinisekisa ubume beSixhobo sibuyela kuQhagamshelwe kuMbindi
Uluhlu lwe-Inventory tab.

FAQ (imibuzo ebuzwa rhoqo)

Ndazi njani ukuba iMetrics yeMpumelelo yoMthengi yenziwe yasebenza?

Iimetriki zeMpumelelo yoMthengi zenziwe zisebenze ngokuzenzekelayo kuKhuseleko lwakho
Izixhobo zohlalutyo lwenethiwekhi.

Yeyiphi idatha eyenziwa yi-Secure Network Analytics?

Uhlalutyo lweNethiwekhi ekhuselekileyo yenza i-JSON file ngedatha yeemetrics
ethunyelwa efini.

View Fullscreen

Cisco Secure Network Analytics
Isikhokelo soLungiselelo lweMpumelelo yoMthengi 7.5.3

Isiqulatho

Ngaphezuluview

Ukuqwalasela i-Firewall yeNethiwekhi

Ukuqwalasela uMphathi

Ikhubaza iMetrics zeMpumelelo yoMthengi

IMpumelelo yoMthengi yeeMetrikhi zeDatha

Iintlobo zokuQokelelwa

Iinkcukacha zeMetrics

Flow Collector

Flow Collector StatsD

Umphathi

Umphathi weStatsD

UMlawuli we-UDP

Zonke izixhobo

Ukuqhagamshelana neNkxaso

Guqula iMbali

-2-

Ngaphezuluview
Ngaphezuluview
IMetrics yeMpumelelo yoMthengi yenza ukuba idatha yeCisco Secure Network Analytics (eyayisakuba yiStealthwatch) ithunyelwe kwilifu ukuze sifikelele kulwazi olubalulekileyo malunga nokuthunyelwa, impilo, ukusebenza, kunye nokusetyenziswa kwenkqubo yakho.
l Inikwe amandla: Iimetriki zeMpumelelo yoMthengi zenziwe zisebenze ngokuzenzekelayo kwisixhobo sakho esiKhuselekileyo soHlalutyiso lweNethiwekhi.
l Ukufikelela kwi-Intanethi: Ukufikelela kwi-Intanethi kuyafuneka kwiiMetrikhi zeMpumelelo yoMthengi. l Cisco Security Service Exchange: Cisco Security Service Exchange ivuliwe
ngokuzenzekelayo kwi-v7.5.x kwaye iyafuneka kwiiMetriki zeMpumelelo yoMthengi. l Idatha Files: Uhlalutyo olukhuselekileyo lweNethiwekhi luvelisa i-JSON file ngedatha yeemetrics.
Idatha iyacinywa kwisixhobo ngokukhawuleza emva kokuba ithunyelwe kwilifu.
Esi sikhokelo siquka olu lwazi lulandelayo:
l Ukuqwalasela iFirewall: Lungisa i-firewall yakho yenethiwekhi ukuvumela unxibelelwano olusuka kwisixhobo sakho ukuya kwilifu. Jonga kuBumbeko kuNxibelelwano lweFirewall.
l Ukukhubaza iiMetrics zeMpumelelo yoMthengi: Ukuphuma kwiMetrics yeMpumelelo yoMthengi, bhekisa kwi-Disable Customer Success Metrics.
l Iimetriki zeMpumelelo yoMthengi: Ngeenkcukacha malunga neemethrikhi, bhekisa kwiDatha yeeMpumelelo zoMthengi.
Ngolwazi malunga nokugcinwa kwedatha kunye nendlela yokucela ukucinywa kweemetriki zokusetyenziswa eziqokelelwe yiCisco, bhekisa kwiCisco Secure Network Analytics Privacy Data Sheet. Ngoncedo, nceda uqhagamshelane Cisco Support.

-3-

Ukuqwalasela i-Firewall yeNethiwekhi
Ukuqwalasela i-Firewall yeNethiwekhi
Ukuvumela unxibelelwano olusuka kwizixhobo zakho ukuya kwilifu, misela i-firewall yenethiwekhi yakho kwiCisco Secure Network Analytics Manager yakho (eyayisakuba yiStealthwatch Management Console).
Qinisekisa ukuba izixhobo zakho zombane zine-intanethi.
Ukuqwalasela uMphathi
Qwalasela i-firewall yothungelwano lwakho ukuvumela unxibelelwano olusuka kuBaphathi bakho ukuya kwezi dilesi zilandelayo zeIP kunye nezibuko 443:
l api-sse.cisco.com l est.sco.cisco.com l mx*.sse.itd.cisco.com l dex.sse.itd.cisco.com l umcimbi-ingest.sse.itd.cisco.com
Ukuba i-DNS kawonke-wonke ayivumelekanga, qiniseka ukuba uqwalasela isisombululo ekuhlaleni kubaphathi bakho.

-4-

Ikhubaza iMetrics zeMpumelelo yoMthengi
Ikhubaza iMetrics zeMpumelelo yoMthengi
Sebenzisa le miyalelo ilandelayo ukuvala iiMetric zeMpumelelo yoMthengi kwisixhobo sombane.
1. Ngena kuMphathi wakho. 2. Khetha Misela > Ihlabathi > Ulawulo Oluphakathi. 3. Cofa i-(Ellipsis) icon yesixhobo. Khetha Hlela isiXhobo
Uqwalaselo. 4. Cofa ithebhu ngokubanzi. 5. Skrolela kwicandelo leeNkonzo zaNgaphandle. 6. Sukuqwalasela ibhokisi yokukhangela i-Imetrics yeMpumelelo yoMthengi. 7. Cofa Faka useto. 8. Landela imiyalelo yesikrini ukugcina utshintsho lwakho. 9. Kwi-Central Management Inventory tab, qinisekisa i-Appliance Status ibuyela kuyo
Iqhagamshelwe. 10. Ukuvala iMetrics yeMpumelelo yoMthengi kwesinye isixhobo, phinda amanyathelo 3 ukuya
9.

-5-

IMpumelelo yoMthengi yeeMetrikhi zeDatha
IMpumelelo yoMthengi yeeMetrikhi zeDatha
Xa iiMetrics zeMpumelelo yoMthengi zenziwe zasebenza, iimetrics ziqokelelwa kwisistim kwaye zilayishwe rhoqo kwiiyure ezingama-24 efini. Idatha iyacinywa kwisixhobo ngokukhawuleza emva kokuba ithunyelwe kwilifu. Asiqokeleli idatha yokuchonga njengamaqela abamkeli, iidilesi ze-IP, amagama abasebenzisi, okanye amagama ayimfihlo.
Ngolwazi malunga nokugcinwa kwedatha kunye nendlela yokucela ukucinywa kweemetriki zokusetyenziswa eziqokelelwe yiCisco, bhekisa kwiCisco Secure Network Analytics Privacy Data Sheet.
Iintlobo zokuQokelelwa
I-metric nganye iqokelelwa njengenye yezi ntlobo zengqokelela zilandelayo:
l Ukuqala kwe-App: Ungeno olunye rhoqo ngomzuzu omnye (uqokelela yonke idatha ukusukela oko kuqaliswe isicelo).
l Eyongezelekayo: Ingeno elinye kwixesha leeyure ezingama-24 l Ithuba: Ingeno elinye rhoqo ngemizuzu emi-5 (itotali yamangenelo angama-288 ngesithuba seeyure ezingama-24)
Ezinye zeentlobo zengqokelela ziqokelelwa kwiifrikhwensi ezohlukeneyo kunokusilela esizichazileyo apha, okanye zingaqwalaselwa (kuxhomekeke kwisicelo). Jonga kwiiNkcukacha zeMetrics ngolwazi oluthe kratya.
Iinkcukacha zeMetrics
Sidwelise idatha eqokelelweyo ngohlobo lwesixhobo. Sebenzisa u-Ctrl + F ukukhangela iitafile ngegama elingundoqo.

-6-

IMpumelelo yoMthengi yeeMetrikhi zeDatha

Flow Collector

Inkcazo yokuchongwa kweMetric

izixhobo_cache.ezisebenzayo

Inani leedilesi ezisebenzayo ze-MAC ezivela kwi-ISE kwindawo yokugcina izixhobo.

Uhlobo loQokelelo
Umfanekiso omfutshane

izixhobo_ cache.cinyiwe
izixhobo_ cache.lahliwe
izixhobo_cache.new
flow_stats.fps flow_stats.flows
flow_cache.active
flow_cache.iwisiwe
flow_cache.iphelile
flow_cache.max flow_ cache.percentage
flow_cache.iqalisiwe
host_cache.cached

Inani leedilesi ze-MAC ezicinyiweyo kwi-ISE kwindawo yokugcina izixhobo kuba ixesha liphelile.

Eyongezelekayo

Inani leedilesi eziwisiweyo ze-MAC ezivela kwi-ISE ngenxa yokuba i-cache yezixhobo igcwele.

Eyongezelekayo

Inani leedilesi ezintsha ze-MAC ezivela kwi-ISE ezifakwe kwindawo yokugcina izixhobo.

Eyongezelekayo

Ukuphuma ngaphandle ngesekondi ngomzuzu wokugqibela. Ikhefu

Ukuqukuqela okungaphakathi kusetyenziwe.

Ikhefu

Inani lemiqukuqelo esebenzayo kwi-Cache yoMqokeleli oPhuphumayo.

Umfanekiso omfutshane

Inani lemiqukuqelo yehlisiwe ngenxa yokuba i-Cache yoMqokeleli oPhuphumayo igcwele.

Eyongezelekayo

Inani lokuqukuqela elipheliswe kwi-Cache yoMqokeleli oPhuphumayo.

Ikhefu

Obona bungakanani bobungakanani boMqokeleli oPhuphumayo wecache. Ikhefu

Ipesenti yomthamo we-flow Collector cache

Ikhefu

Inani lemiqukuqelo eyongeziweyo kwi-Cache yoMqokeleli oPhuphumayo.

Eyongezelekayo

Inani leenginginya kwindawo yokugcina indawo.

Ikhefu

-7-

IMpumelelo yoMthengi yeeMetrikhi zeDatha

Inkcazo yokuchongwa kweMetric

Uhlobo loQokelelo

hosts_cache.cinyiwe Inani lenginginya elicinyiweyo kwindawo yokugcina indawo.

Eyongezelekayo

host_cache.yehlile

Inani leenginginya lehlile ngenxa yokuba indawo yokugcina indawo igcwele.

Eyongezelekayo

host_cache.max

Olona bungakanani bendawo yokugcina indawo yokugcina.

Ikhefu

host_cache.new

Inani lenginginya ezintsha ezongeziweyo kwindawo yokugcina indawo.

Eyongezelekayo

host_ cache.percentage

Ipesenti yomthamo wecache yomamkeli.

Ikhefu

host_ cache.probationary_ icinyiwe

Inani leenginginya zovavanyo* elicinyiweyo kwindawo yokugcina iinginginya.
*Iinginginya zovavanyo ngabamkeli abangazange babe ngumthombo weepakethi kunye nee-bytes. Ezinginginya zicinywa kuqala xa kucolwa indawo kwindawo yokugcina indawo.

Eyongezelekayo

ujongano.fps

Inani eliphumayo leenkcukacha-manani zojongano ngesekhondi ezithunyelwe kumazwe angaphandle kwi-Vertica.

Ikhefu

security_events_ cache.active

Inani leziganeko zokhuseleko ezisebenzayo kwicache yeziganeko zokhuseleko.

Umfanekiso omfutshane

security_events_ cache.dropped

Inani leziganeko zokhuseleko liyehlisiwe ngenxa yokuba i-cache yeziganeko zokhuseleko igcwele.

Eyongezelekayo

security_events_ cache.iphelile

Inani leziganeko zokhuseleko ezigqityiweyo kwicache yeziganeko zokhuseleko.

Eyongezelekayo

security_events_ cache.inserted

Inani leziganeko zokhuseleko ezifakwe kwitheyibhile yedatha.

Ikhefu

security_events_ cache.max

Obona bukhulu bobungakanani becache yeziganeko zokhuseleko.

Ikhefu

-8-

IMpumelelo yoMthengi yeeMetrikhi zeDatha

Inkcazo yokuchongwa kweMetric

Uhlobo loQokelelo

security_events_ cache.percentage

Ipesenti yomthamo wecache yeziganeko zokhuseleko.

Ikhefu

security_events_ cache.started

Inani leziganeko zokhuseleko eziqaliweyo kwicache yeziganeko zokhuseleko.

Eyongezelekayo

session_cache.active

Inani leeseshini ezisebenzayo ezivela kwi-ISE kwi-cache yeseshoni.

Umfanekiso omfutshane

iseshoni_ cache.cinyiwe

Inani leeseshoni ezicinyiweyo kwi-ISE kwi-cache yeseshoni.

Eyongezelekayo

iseshoni_ cache.yehlisiwe

Inani leeseshini ezivela kwi-ISE lehlile ngenxa yokuba i-cache yeseshoni igcwele.

Eyongezelekayo

session_cache.new

Inani leeseshini ezintsha ezivela kwi-ISE ezifakwe kwi-cache yeseshoni.

Eyongezelekayo

abasebenzisi_cache.esebenzayo

Inani labasebenzisi abasebenzayo kwicache yabasebenzisi.

Umfanekiso omfutshane

abasebenzisi_cache.cinyiwe

Inani labasebenzisi abacinyiweyo kwicache yabasebenzisi ngenxa yokuba ixesha liphelile.

Eyongezelekayo

abasebenzisi_icache.yehlisiwe

Inani labasebenzisi lehlile ngenxa yokuba i-cache yabasebenzisi igcwele.

Eyongezelekayo

abasebenzisi_cache.new

Inani labasebenzisi abatsha kwi-cache yabasebenzisi.

Eyongezelekayo

phinda_iyure

Flow Collector iyure yokusetha kwakhona.

N / A

vertica_stats.query_ duration_sec_max

Elona xesha liphezulu lokuphendula imibuzo.

Eyongezelekayo

vertica_stats.query_ duration_sec_min

Ubuncinci bexesha lokuphendula imibuzo.

Eyongezelekayo

vertica_stats.query_ duration_sec_avg

Ixesha eliphakathi lempendulo yombuzo.

Eyongezelekayo

-9-

IMpumelelo yoMthengi yeeMetrikhi zeDatha

Inkcazo yokuchongwa kweMetric

abathengisi ngaphandle.fc_count

Inani labathumeli kwamanye amazwe ngokoMqokeleli oPhuhlayo.

Uhlobo loQokelelo
Ikhefu

Flow Collector StatsD

Inkcazo yokuchongwa kweMetric

ndragent.unprocessable_ ukufumana

Inani lezinto ezifunyanisiweyo ze-NDR ezithathwa ngokuba azinakuqhubekeka.

ndr-agent.ownership_ registration_akuphumelelanga

Iinkcukacha zobuchwephesha: Inani leempazamo ezenzeke ngexesha lokufumana i-NDR.

ndr-agent.upload_ impumelelo

Inani leziphumo ze-NDR eziqhutywe ngempumelelo yi-arhente.

ndr-agent.upload_ ukusilela

Inani lee-NDR ezifunyanisiweyo ezifakwe ngaphandle kwempumelelo yiarhente.

ndr-agent.processing_ Inani lokusilela okuqatshelwe ngexesha le-NDR

ukusilela

ukuqhubekeka.

ndr-agent.processing_ Inani le-NDR eqhutywe ngempumelelo

impumelelo

iziphumo.

ndr-agent.old_file_ cima

Inani le files icinyiwe ngenxa yokuba mdala kakhulu.

ndr-agent.old_ registration_delete

Inani lababhalisele ubunini oburhoxisiweyo ngenxa yokuba badala kakhulu.

Uhlobo loQokelelo
I-Cumulative isusiwe yonke imihla
I-Cumulative isusiwe yonke imihla
I-Cumulative isusiwe yonke imihla
I-Cumulative isusiwe yonke imihla
I-Cumulative isusiwe yonke imihla
I-Cumulative isusiwe yonke imihla
I-Cumulative isusiwe yonke imihla
I-Cumulative isusiwe yonke imihla

- 10 -

IMpumelelo yoMthengi yeeMetrikhi zeDatha

IMetric Identification netflow fs_netflow netflow_bytes fs_netflow_bytes sflow sflow_bytes nvm_endpoint nvm_bytes nvm_netflow
all_sal_event all_sal_bytes

Inkcazo

Uhlobo loQokelelo

Zizonke iirekhodi zeNetFlow ezivela kubo bonke abathumela ngaphandle kweNetflow. Kubandakanya iirekhodi zeNVM.

I-Cumulative isusiwe yonke imihla

Iirekhodi ze-Netflow ezifunyenwe kwi-Flow Sensors kuphela.

I-Cumulative isusiwe yonke imihla

Itotali yeebhayithi zeNetFlow ezifunyenwe kuye nawuphi na umthumeli ngaphandle weNetFlow. Kubandakanya iirekhodi zeNVM.

I-Cumulative isusiwe yonke imihla

I-byte ye-NetFlow efunyenwe kwi-Flow Sensors kuphela.

I-Cumulative isusiwe yonke imihla

Iirekhodi ze-sFlow ezifunyenwe kuye nawuphi na umthumeli ngaphandle kwe-sFlow.

I-Cumulative isusiwe yonke imihla

I-sFlow bytes efunyenwe kuye nawuphi umthumeli ngaphandle we-sFlow.

I-Cumulative isusiwe yonke imihla

Isiphelo se-NVM esisodwa esibonwayo namhlanje (ngaphambi kokusetha kwakhona imihla ngemihla).

I-Cumulative isusiwe yonke imihla

Iibhayithi ze-NVM ezifunyenweyo (kubandakanywa ukuhamba, isiphelo, iCumulative

kunye neerekhodi ze-endpoint_interface).

icocwa yonke imihla

Iibhayithi ze-NVM ezifunyenweyo (kubandakanywa ukuhamba, isiphelo, iCumulative

kunye neerekhodi ze-endpoint_interface).

icocwa yonke imihla

Zonke iziganeko zoHlalutyo zoKhuseleko kunye nokuLogina (i-OnPrem) ezifunyenweyo (kubandakanya i-Adaptive Security Appliance kunye ne-non-Adaptive Security Appliance), zibalwa ngenani leziganeko ezifunyenweyo.

I-Cumulative isusiwe yonke imihla

Lonke uHlalutyo loKhuseleko kunye nokuLoga (i-OnPrem) eyongezelelekileyo

- 11 -

IMpumelelo yoMthengi yeeMetrikhi zeDatha

Ukuchongwa kweMetric
ftd_sal_event ftd_sal_bytes ftd_lina_bytes ftd_lina_isiganeko
Umphathi

Inkcazo

Uhlobo loQokelelo

imisitho efunyenweyo (kuquka isiXhobo soKhuseleko esiLungelelekayo kunye nesiXhobo soKhuseleko esinga-Adaptive, sibalwa ngenani leebhayithi ezifunyenweyo.

icocwa yonke imihla

Uhlalutyo loKhuseleko kunye nokuLoga (i-OnPrem) (isiXhobo soKhuseleko esingaguqukiyo) iziganeko ezifunyenwe kwi-Firepower Threat Defense / izixhobo ze-NGIPS kuphela.

I-Cumulative isusiwe yonke imihla

Uhlalutyo loKhuseleko kunye nokuLoga (i-OnPrem) (isiXhobo soKhuseleko esingaguquguqukiyo) ngamabhayithi afunyenwe kwi-Firepower Threat Defense/NGIPS izixhobo kuphela.

I-Cumulative isusiwe yonke imihla

Iibhayithi zePlane yeDatha ezifunyenwe kwiFirepower Threat Defense izixhobo kuphela.

I-Cumulative isusiwe yonke imihla

Iziganeko zePlanethi yeDatha efunyenwe kwiFirepower Threat Defense izixhobo kuphela.

I-Cumulative isusiwe yonke imihla

Iziganeko zeSixhobo soKhuseleko oluLungelelelayo zifunyenwe kwizixhobo zoKhuseleko oluLungelelelayo kuphela.

I-Cumulative isusiwe yonke imihla

Iibhayithi ze-ASA ezifunyenwe kwi-Adaptive Security Appliance izixhobo kuphela.

I-Cumulative isusiwe yonke imihla

Inkcazo yokuchongwa kweMetric

exporter_cleaner_ cleaning_enabled

Ibonisa ukuba i-Inactive Interfaces kunye ne-Exporters Cleaner yenziwe yasebenza.

Uhlobo loQokelelo
Umfanekiso omfutshane

- 12 -

IMpumelelo yoMthengi yeeMetrikhi zeDatha

Inkcazo yokuchongwa kweMetric

Uhlobo loQokelelo

exporter_cleaner_ inactive_threshold

Inani leeyure umntu othumela ngaphandle angakwazi ukusebenza phambi kokuba asuswe.

Umfanekiso omfutshane

exporter_cleaner_

Ibonisa ukuba ngaba uMcoci kufuneka asebenzise i

usebenzisa_legacy_cleaner umsebenzi wokucoca ilifa.

Umfanekiso omfutshane

exporter_cleaner_ iiyure_after_reset

Inani leeyure emva kokusetha kwakhona indawo ekufuneka icocwe.

Umfanekiso omfutshane

exporter_cleaner_ interface_without_ status_presumed_ stale

Ibonisa ukuba ingaba uMcoci uyalususa na ujongano obelungaziwa nguMqokeleli oHambayo kwiyure yokuseta ngokutsha, ebaphatha njengengasebenziyo.

Umfanekiso omfutshane

ndrcoordinator.files_ ilayishiwe

Ibonisa ukuba ukuhanjiswa kweNethiwekhi eKhuselekileyo kuHlalutya lusebenza njengoGcino lweDatha.

Umfanekiso omfutshane

ingxelo_igqityiwe

Igama lengxelo kunye nexesha le-milliseconds (Umphathi kuphela).

N / A

report_params

Izihluzi ezisetyenziswa xa uMphathi ebuza koovimba boMqokeleli wokuHamba.
Idatha ithunyelwe ngaphandle kombuzo ngamnye:
l inani eliphezulu lemiqolo l ibandakanya-ujongano-data iflegi l iflegi yombuzo okhawulezayo l iflegi yokubala l ibaleka-bala iflegi l ihamba izihluzo zesalathiso l ulandelelwano-ngekholamu l imihlathi ehlala ikholamu iflegi l Ixesha lokuqalisa kwefestile yomhla kunye nexesha l Ixesha lefestile yokuphela komhla kunye nexesha l Inani leekhrayitheriya zeID yesixhobo l Inani leekhrayitheriya zojongano lweID

Umfanekiso omfutshane
Ukuphindaphinda: Ngokwesicelo ngasinye

- 13 -

IMpumelelo yoMthengi yeeMetrikhi zeDatha

Inkcazo yokuchongwa kweMetric

Uhlobo loQokelelo

l Inani leenqobo ze-IPs
l Inani leenqobo ze-IP zoluhlu
l Inani leenqobo zokukhetha amaqela
l Inani leenqobo zokukhetha abamkeli zindwendwe
l Nokuba iziphumo zihluzwa ngeedilesi ze-MAC
l Ingaba iziphumo zihluzwa ngezibuko ze-TCP/UDP
l Inani leenqobo zamagama abasebenzisi
l Nokuba iziphumo zihluzwa ngenani leebhayithi/ipakethi
l Nokuba iziphumo zihluzwa ngenani lilonke leebhayithi/ipakethi
l Nokuba iziphumo zihluzwa ngo URL
l Nokuba iziphumo zihluzwa ngokwemigaqo
l Nokuba iziphumo zihluzwa nge-id yesicelo
l Nokuba iziphumo zihluzwa ngokwenkqubo yegama
l Nokuba iziphumo zihluzwa ngenkqubo yehash
l Nokuba iziphumo zihluzwa ngoguqulelo lweTLS
l Inani lee-ciphers kwi-cipher suite criteria

domain.integration_ ad_count

Inani loqhagamshelwano lweAD.

Eyongezelekayo

isizinda.rpe_count

Inani lemigaqo-nkqubo yendima emiselweyo.

Eyongezelekayo

domain.hg_changes_ count

Utshintsho kubumbeko lweQela loMamkeli.

Eyongezelekayo

- 14 -

IMpumelelo yoMthengi yeeMetrikhi zeDatha

Inkcazo yokuchongwa kweMetric

Uhlobo loQokelelo

integration_snmp

Ukusetyenziswa kwearhente yeSNMP.

N / A

integration_cognitive

Izilumkiso zezoyikiso zehlabathi (eyayifudula iyiNgqondo yoBukrelekrele) indibaniselwano yenziwe.

N / A

domain.iinkonzo

Inani leenkonzo ezichaziweyo.

Umfanekiso omfutshane

izicelo_default_ count

Inani lezicelo ezichaziweyo.

Umfanekiso omfutshane

smc_users_count

Inani labasebenzisi kwi Web App.

Umfanekiso omfutshane

login_api_count

Inani lokungena kwe-API.

Eyongezelekayo

login_ui_count

Inani le Web Ukungena kwe-App.

Eyongezelekayo

report_concurrency Inani leengxelo eziqhuba ngaxeshanye.

Eyongezelekayo

iapicall_ui_count

Inani leefowuni zoMphathi API usebenzisa i Web App.

Eyongezelekayo

iapicall_api_count

Inani loMphathi weefowuni ze-API usebenzisa i-API.

Eyongezelekayo

ctr.enabled

Cisco SecureX impendulo isoyikiso(eyayisakuba Cisco Threat Response) uhlanganiso yenziwe.

N / A

ctr.alarm_sender_ yenziwe yasebenza

Khusela iialam zoHlalutyiso lweNethiwekhi kwimpendulo yezoyikiso ye-SecureX ivuliwe.

N / A

ctr.alarm_sender_ minimal_severity

Ubuqatha obuncinci bee-alam ezithunyelwe kwimpendulo yezoyikiso ze-SecureX.

N / A

ctr.enrichment_ yenziwe yasebenza

Isicelo sokutyebisa esivela kwimpendulo yezoyikiso ye-SecureX yenziwe yasebenza.

N / A

ctr.enrichment_limit

Inani leziganeko eziphezulu zoKhuseleko eziza kubuyiselwa kwimpendulo yesongelo se-SecureX.

Eyongezelekayo

- 15 -

IMpumelelo yoMthengi yeeMetrikhi zeDatha

Inkcazo yokuchongwa kweMetric

Uhlobo loQokelelo

ctr.enrichment_period

Ixesha lexesha leMinyhadala yoKhuseleko ukuba ibuyiselwe kwimpendulo yesongelo se-SecureX.

Eyongezelekayo

ctr.inombolo_ye_izicelo_zokuphucula

Inani lezicelo zokutyebisa ezifunyenwe kwimpendulo yezoyikiso ze-SecureX.

Eyongezelekayo

ctr.number_of_refer_ Inani lezicelo zoMphathi pivot link

izicelo

ifunyenwe kwimpendulo yezoyikiso ze-SecureX.

Eyongezelekayo

ctr.xdr_number_of_ alarms

Ubalo lwemihla ngemihla lweealam ezithunyelwa kwi-XDR.

Eyongezelekayo

ctr.xdr_number_of_ izaziso

Ubalo lwemihla ngemihla lwezilumkiso ezithunyelwa kwi-XDR.

Eyongezelekayo

ctr.xdr_sender_ yenziwe yasebenza

Yinyani/Asiyonyani ukuba uthumelo luvuliwe.

Umfanekiso omfutshane

failover_indima

Umphathi ophambili okanye owesibini indima ye-failover kwiqela.

N / A

ithambeka.cse_count

Inani leziganeko zokhuseleko zesiko le-ID yendawo.

Umfanekiso omfutshane

Umphathi weStatsD

Ukuchongwa kweMetric

Inkcazo

Uhlobo loQokelelo

ndrcoordinator.analytics_ yenziwe

Iphawula ukuba uHlalutyo luvuliwe. 1 ukuba ewe, 0 ukuba hayi.

Umfanekiso omfutshane

ndrcoordinator.agents_ uqhagamshelwe

Inani lee-arhente ze-NDR eziqhagamshelwe ngexesha lokugqibela loqhagamshelwano.

Umfanekiso omfutshane

ndrcoordinator.processing_ Inani leempazamo ngexesha lokufumana i-NDR

iimpazamo

ukuqhubekeka.

Eyongezelekayo

- 16 -

IMpumelelo yoMthengi yeeMetrikhi zeDatha

Ukuchongwa kweMetric

Inkcazo

Uhlobo loQokelelo

ndrcoordinator.files_ ilayishiwe

Inani leziphumo ze-NDR ezifakwe ukuze ziqhubeke.

Eyongezelekayo

ndrevents.processing_errors

Inani le files isilele ukuqhubekeka ngenxa yokuba isixokelelwano asikhange sinikeze okufunyenweyo okanye ayikwazanga ukwahlula isicelo.

Eyongezelekayo

ndrevents.files_layishiwe

Inani le fileeziye zathunyelwa kwimisitho ye-NDR ukuze iqhutywe.

Eyongezelekayo

sna_swing_client_phila

Ikhawuntara yangaphakathi yeefowuni ze-API ezisetyenziswa nguMphathi we-Desktop yomxhasi we-SNA.

Umfanekiso omfutshane

i-swrm_iya_iyasetyenziswa

Ulawulo lweeMpendulo: Ixabiso ngu-1 ukuba uLawulo lweeMpendulo lusetyenziswa. Ixabiso ngu-0 ukuba alisetyenziswanga.

Umfanekiso omfutshane

imithetho_ye-wrm

Ulawulo lweeMpendulo: Inani lemithetho yesiko.

Umfanekiso omfutshane

swrm_action_imeyile

Ulawulo lweMpendulo: Inani lezenzo zesiko lohlobo lwe-imeyile.

Umfanekiso omfutshane

swrm_action_syslog_ umyalezo

Ulawulo lweMpendulo: Inani lezenzo zesiko lohlobo lomyalezo weSyslog.

Umfanekiso omfutshane

swrm_action_snmp_trap

Ulawulo lweeMpendulo: Inani lezenzo zesiko lohlobo lwe-SNMP Trap.

Umfanekiso omfutshane

swrm_action_ise_anc

ULawulo lweeMpendulo: Inani lezenzo zesiko lohlobo loMgaqo-nkqubo we-ISE ANC.

Umfanekiso omfutshane

swrm_action_webhook

Ulawulo lweempendulo: Inani lezenzo zesiko le Webuhlobo hook.

Umfanekiso omfutshane

swrm_action_ctr

ULawulo lweeMpendulo: Inani lezenzo zesiko lokusabela kwingozi Uhlobo lwesiganeko.

Umfanekiso omfutshane

- 17 -

IMpumelelo yoMthengi yeeMetrikhi zeDatha

Metric Identification va_ct va_ce va_hcs va_ss va_ses sal_input_size sal_completed_size
Sal_flush_time
i-sal_batches_iphumelele

Inkcazo

Uhlobo loQokelelo

UVavanyo lokuJonga: Ixesha lokubaleka elibalwe kwiimilliseconds.

Umfanekiso omfutshane

UVavanyo lokuBoneka: Inani leempazamo (xa kubalo kuphazamiseka).

Umfanekiso omfutshane

UVavanyo lokuJonga: Ubungakanani bempendulo ye-API ye-Host kwi-bytes (bona ubungakanani bempendulo egqithisileyo).

Umfanekiso omfutshane

UVavanyo lokuJonga: Ubungakanani bempendulo ye-Scanners ye-API kwiibhayithi (bona ubungakanani bempendulo egqithisileyo).

Umfanekiso omfutshane

Uvavanyo lokuJonga: Ubungakanani bempendulo ye-API yeziganeko zoKhuseleko kwiibytes (bona ubungakanani bempendulo egqithisileyo).

Umfanekiso omfutshane

Inani lamangenelo kumgca wokufaka umbhobho.

Umfanekiso omfutshane
Ukuphindaphinda: 1 umzuzu

Inani lamangenelo kumgca webhetshi ogqityiweyo.

Umfanekiso omfutshane
Ukuphindaphinda: 1 umzuzu

Ubungakanani bexesha kwiimilliseconds ukususela ekugungxuleni kombhobho wokugqibela.
Ifumaneka nge-Security Analytics kunye nokuLogging (OnPrem) i-Single-node kuphela.

Umfanekiso omfutshane
Ukuphindaphinda: 1 umzuzu

Inani leebhetshi ezibhalwe ngempumelelo kwi file.
Ifumaneka nge-Security Analytics kunye nokuLogging (OnPrem) i-Single-node kuphela.

Ikhefu
Ukuphindaphinda: 1 umzuzu

- 18 -

IMpumelelo yoMthengi yeeMetrikhi zeDatha

Isazisi seMetric sal_batches_processed sal_batches_failed sal_files_isusiwe sal_files_failed sal_files_ilahliwe_imigca yesal_ebhalwayo_i-sal_rows_eyenziwe_i-sal_rows_ayiphumelelanga

Inkcazo

Uhlobo loQokelelo

Inani leebhetshi ezisetyenzisiweyo. Ikhefu

Ifumaneka nge-Security Analytics kunye nokuLogging (OnPrem) i-Single-node kuphela.

Ukuphindaphinda: 1 umzuzu

Inani leebhetshi ezisileleyo ukugqiba ukubhala kwi file.
Ifumaneka nge-Security Analytics kunye nokuLogging (OnPrem) i-Single-node kuphela.

Ikhefu
Ukuphindaphinda: 1 umzuzu

Inani le files isiwe kulawulo olulungisiweyo.
Ifumaneka nge-Security Analytics kunye nokuLogging (OnPrem) i-Single-node kuphela.

Ikhefu
Ukuphindaphinda: 1 umzuzu

Inani le fileezisilele ukushukunyiswa.
Ifumaneka nge-Security Analytics kunye nokuLogging (OnPrem) i-Single-node kuphela.

Ikhefu
Ukuphindaphinda: 1 umzuzu

Inani le files ilahlwe ngenxa yempazamo.
Ifumaneka nge-Security Analytics kunye nokuLogging (OnPrem) i-Single-node kuphela.

Ikhefu
Ukuphindaphinda: 1 umzuzu

Inani lemiqolo ebhaliweyo kwireferensi file.
Ifumaneka nge-Security Analytics kunye nokuLogging (OnPrem) i-Single-node kuphela.

Ikhefu
Ukuphindaphinda: 1 umzuzu

Inani lemiqolo esetyenzisiweyo.
Ifumaneka nge-Security Analytics kunye nokuLogging (OnPrem) i-Single-node kuphela.

Ikhefu
Ukuphindaphinda: 1 umzuzu

Inani lemiqolo engaphumelelanga ukubhalwa. Ikhefu

Ifumaneka nge-Security Analytics kunye

Ukuphindaphinda:

- 19 -

IMpumelelo yoMthengi yeeMetrikhi zeDatha

Ukuchongwa kweMetric
sal_total_batches_ iphumelele isal_total_batches_ iqhubeke isal_total_batches_failed
isal_totali_fileisusiwe
isal_totali_files_ayiphumelelanga
isal_totali_files_lahliweyo isal_total_rows_written

Inkcazo

Uhlobo loQokelelo

Ukuloga (OnPrem) Indawo enye kuphela.

1 umzuzu

Lilonke inani leebhetshi ezibhalwe ngempumelelo kwi file.
Ifumaneka nge-Security Analytics kunye nokuLogging (OnPrem) i-Single-node kuphela.

Ukuqala kwe-App
Ukuphindaphinda: 1 umzuzu

Lilonke inani leebhetshi ezisetyenzisiweyo.
Ifumaneka nge-Security Analytics kunye nokuLogging (OnPrem) i-Single-node kuphela.

Ukuqala kwe-App
Ukuphindaphinda: 1 umzuzu

Lilonke inani le fileabathe basilela ukugqiba ukubhala kwi file.
Ifumaneka nge-Security Analytics kunye nokuLogging (OnPrem) i-Single-node kuphela.

Ukuqala kwe-App
Ukuphindaphinda: 1 umzuzu

Lilonke inani le files isiwe kulawulo olulungisiweyo.
Ifumaneka nge-Security Analytics kunye nokuLogging (OnPrem) i-Single-node kuphela.

Ukuqala kwe-App
Ukuphindaphinda: 1 umzuzu

Lilonke inani le fileezisilele ukushukunyiswa.
Ifumaneka nge-Security Analytics kunye nokuLogging (OnPrem) i-Single-node kuphela.

Ukuqala kwe-App
Ukuphindaphinda: 1 umzuzu

Lilonke inani le files ilahlwe ngenxa yempazamo.
Ifumaneka nge-Security Analytics kunye nokuLogging (OnPrem) i-Single-node kuphela.

Ukuqala kwe-App
Ukuphindaphinda: 1 umzuzu

Itotali yenani lemiqolo ebhaliweyo kwireferensi file.
Ifumaneka nge-Security Analytics kunye

Ukuqala kwe-App
Ukuphindaphinda: 1 umzuzu

- 20 -

IMpumelelo yoMthengi yeeMetrikhi zeDatha

Ukuchongwa kweMetric
i-sal_total_rows_processed
isal_total_rows_failed sal_transformer_ sal_bytes_per_event sal_bytes_received sal_events_received sal_total_events_received sal_events_dropped

Inkcazo

Uhlobo loQokelelo

Ukuloga (OnPrem) Indawo enye kuphela.

Lilonke inani lemiqolo eyenziweyo.
Ifumaneka nge-Security Analytics kunye nokuLogging (OnPrem) i-Single-node kuphela.

Ukuqala kwe-App
Ukuphindaphinda: 1 umzuzu

Lilonke inani lemiqolo engaphumelelanga ukubhalwa.
Ifumaneka nge-Security Analytics kunye nokuLogging (OnPrem) i-Single-node kuphela.

Ukuqala kwe-App
Ukuphindaphinda: 1 umzuzu

Inani leempazamo zenguqu kule transformer.
Ifumaneka nge-Security Analytics kunye nokuLogging (OnPrem) i-Single-node kuphela.

Ikhefu
Ukuphindaphinda: 1 umzuzu

I-avareji yenani leebhayithi ngesiganeko ngasinye esifunyenweyo.

Ikhefu
Ukuphindaphinda: 1 umzuzu

Inani leebhayithi ezifunyenwe kwiseva ye-UDP.

Ikhefu
Ukuphindaphinda: 1 umzuzu

Inani lemisitho efunyenwe kwiseva ye-UDP.

Ikhefu
Ukuphindaphinda: 1 umzuzu

Lilonke inani leziganeko ezifunyenwe yi-router.

Ukuqala kwe-App

Inani leziganeko ezingenakucazululeka zehlisiwe.

Ikhefu
Ukuphindaphinda: 1 umzuzu

- 21 -

IMpumelelo yoMthengi yeeMetrikhi zeDatha

Metric Identification sal_total_events_dropped sal_events_ignored sal_total_events_ignored sal_receive_queue_size sal_events_per second sal_bytes_per_second sna_trustsec_report_runs
UMlawuli we-UDP

Inkcazo

Uhlobo loQokelelo

Lilonke inani leziganeko ezingenakucazululeka lehlile.

Ukuqala kwe-App
Ukuphindaphinda: 1 umzuzu

Inani leziganeko ezingahoywanga/ ezingaxhaswanga.

Ikhefu
Ukuphindaphinda: 1 umzuzu

Lilonke inani leziganeko ezingahoywanga/ ezingaxhaswanga.

Ukuqala kwe-App
Ukuphindaphinda: 1 umzuzu

Inani lemisitho kumgca wokufumana.

Umfanekiso omfutshane
Ukuphindaphinda: 1 umzuzu

Izinga lokusela (iziganeko ngesekhondi).

Ikhefu
Ukuphindaphinda: 1 umzuzu

Ireyithi yokumeza (bytes ngesekhondi).

Ikhefu
Ukuphindaphinda: 1 umzuzu

Inani lezicelo zengxelo zeTrustSec zemihla ngemihla.

Eyongezelekayo

Inkcazo yokuchongwa kweMetric

imithombo_ukubalwa

Inani lemithombo.

Uhlobo loQokelelo
Umfanekiso omfutshane

- 22 -

IMpumelelo yoMthengi yeeMetrikhi zeDatha

Inkcazo yokuchongwa kweMetric

imithetho_ukubala iipakethi_iipakethi ezingangqinelaniyo_ziwisiwe

Inani lemigaqo. Ubuninzi bepakethi ezingahambelaniyo. Iipakethi eziwisiweyo eth0.

NONE

Zonke izixhobo

Inkcazo yokuchongwa kweMetric

Uhlobo loQokelelo

iqonga

iqonga Hardware (ex: Dell 13G, KVM Virtual Platform).

N / A

uthotho

Inombolo yothotho lwesixhobo.

N / A

inguqulelo

Inombolo yenguqulo ye-Network Analytics ekhuselekileyo (ex: 7.1.0).

N / A

version_build

Yakha inombolo (ex: 2018.07.16.2249-0).

N / A

version_patch

Inombolo yesiqwenga.

N / A

csm_uguqulelo

Impumelelo yoMthengi Uguqulelo lwekhowudi yeeMetrics (ex: 1.0.24-SNAPSHOT).

N / A

power_supply.status

Umphathi kunye noQuquzelelo loMqokeleli manani ombane.

Umfanekiso omfutshane

productInstanceName Smart isichongi semveliso yeLayisensi.

N / A

- 23 -

Ukuqhagamshelana neNkxaso
Ukuqhagamshelana neNkxaso
Ukuba ufuna inkxaso yobugcisa, nceda wenze enye yezi zilandelayo: l Qhagamshelana neCisco Partner yakho yendawo l Qhagamshelana neCisco Support l Ukuvula ityala nge web: http://www.cisco.com/c/en/us/support/index.html l Ngenkxaso yefowuni: 1-800-553-2447 (US) l Kumanani enkxaso yehlabathi jikelele: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

- 24 -

Guqula iMbali

Uxwebhu lwenguqulelo 1_0

Umhla wokupapashwa nge-18 ka-Agasti 2025

Guqula iMbali
Inkcazelo Version yokuqala.

- 25 -

Ulwazi lwelungelo lokushicilela
I-Cisco kunye ne-logo yeCisco ziimpawu zorhwebo okanye iimpawu zorhwebo ezibhalisiweyo zeCisco kunye/okanye namahlakani ayo e-US nakwamanye amazwe. Ukuya view uluhlu lweempawu zorhwebo zeCisco, yiya kule URL: https://www.cisco.com/go/trademarks. Iimpawu zokuthengisa zomntu wesithathu ezikhankanyiweyo ziyipropathi yabanini bazo. Ukusetyenziswa kwegama elithi iqabane akuthethi ukuba ubudlelwane phakathi kweCisco kunye nayo nayiphi na enye inkampani. (1721R)
© 2025 Cisco Systems, Inc. kunye/okanye namahlakani ayo. Onke Amalungelo Agciniwe.

Amaxwebhu / Izibonelelo

Cisco Secure Network Analytics [pdf] Isikhokelo somsebenzisi
I-v7.5.3, i-Network Analytics ekhuselekileyo, i-Network Analytics ekhuselekileyo, i-Network Analytics, i-Analytics

Iimbekiselo

Incwadi yokusebenzisa

Cisco Secure Network Analytics User Guide

Uhlalutyo lweNethiwekhi ekhuselekileyo

Ulwazi lweMveliso

Iinkcukacha:

Imiyalelo yokusetyenziswa kwemveliso

Ukuqwalasela iNetwork Firewall:

Ukuqwalasela uMphathi:

Iyakhubaza iiMetric zeMpumelelo yoMthengi:

FAQ (imibuzo ebuzwa rhoqo)

Ndazi njani ukuba iMetrics yeMpumelelo yoMthengi yenziwe yasebenza?

Yeyiphi idatha eyenziwa yi-Secure Network Analytics?

Amaxwebhu / Izibonelelo

Iimbekiselo

Shiya uluvo

Rhoxisa impendulo