I-Cisco Secure Network Analytics User Guide

Chofoza isithonjana se-(Ellipsis) somshini bese ukhetha Hlela
Ukucushwa Kwensiza.
Kuthebhu ethi Okujwayelekile, skrola kokuthi Izinsiza Zangaphandle bese ungahloli
Nika amandla amamethrikhi empumelelo yekhasimende.

Chofoza okuthi Sebenzisa Izilungiselelo bese ulondoloza izinguquko njengoba uyaliwe.
Qinisekisa Isimo Sokusebenza sibuyela kokuthi Ixhumeke Emaphakathi
Ithebhu Yokusungula Yokuphatha.

I-FAQ (Imibuzo Evame Ukubuzwa)

Ngazi kanjani uma I-Metrics Yempumelelo Yekhasimende inikwe amandla?

I-Customer Success Metrics inikwa amandla ngokuzenzakalela kokuthi Secure yakho
Imishini ye-Network Analytics.

Iyiphi idatha ekhiqizwa i-Secure Network Analytics?

I-Secure Network Analytics ikhiqiza i-JSON file ngedatha yamamethrikhi
elithunyelwa efwini.

“`

View Fullscreen

I-Cisco Secure Network Analytics
Umhlahlandlela Wokulungisa Imethrikhi Yempumelelo Yekhasimende 7.5.3

Okuqukethwe

Kuphelileview

Ilungiselela i-Network Firewall

Ilungiselela Umphathi

Ikhubaza Amamethrikhi Empumelelo Yekhasimende

Idatha ye-Metrics Yempumelelo Yekhasimende

Izinhlobo Zokuqoqwa

Imininingwane Yemethrikhi

Flow Collector

I-Flow Collector StatsD

Umphathi

Izibalo zomphathiD

Umqondisi we-UDP

Zonke Izinsiza

Ixhumana Nosekelo

Shintsha Umlando

-2-

Kuphelileview
Kuphelileview
I-Customer Success Metrics inika amandla idatha ye-Cisco Secure Network Analytics (ngaphambilini eyayibizwa ngokuthi i-Stealthwatch) ukuthi ithunyelwe emafini ukuze sikwazi ukufinyelela kulwazi olubalulekile olumayelana nokusetshenziswa, impilo, ukusebenza, nokusetshenziswa kwesistimu yakho.
l Inikwe amandla: I-Metrics Yempumelelo Yekhasimende inikwa amandla ngokuzenzakalela ezintweni zakho zikagesi ezivikelekile ze-Secure Network Analytics.
l Ukufinyelela I-inthanethi: Ukufinyelela ku-inthanethi kuyadingeka kumamethrikhi empumelelo yekhasimende. l I-Cisco Security Service Exchange: I-Cisco Security Service Exchange inikwe amandla
ngokuzenzakalelayo ku-v7.5.x futhi iyadingeka kumamethrikhi empumelelo yekhasimende. l Idatha Files: I-Secure Network Analytics ikhiqiza i-JSON file ngedatha yamamethrikhi.
Idatha isuswa entweni ngokushesha ngemva kokuthunyelwa emafini.
Lo mhlahlandlela uhlanganisa ulwazi olulandelayo:
l Ukumisa i-Firewall: Lungiselela i-firewall yenethiwekhi yakho ukuze uvumele ukuxhumana kusuka ezintweni zakho zikagesi kuya emafini. Bheka Ukulungiselela I-Firewall Yenethiwekhi.
l Ukukhubaza Amamethrikhi Empumelelo Yekhasimende: Ukuze uphume Kumamethrikhi Empumelelo Yekhasimende, bheka Ukukhubaza Amamethrikhi Empumelelo Yekhasimende.
l Amamethrikhi Empumelelo Yekhasimende: Ukuze uthole imininingwane mayelana namamethrikhi, bheka kudatha ye-Metrics Yempumelelo Yekhasimende.
Ukuze uthole ulwazi mayelana nokugcinwa kwedatha nokuthi ungacela kanjani ukususwa kwamamethrikhi okusetshenziswa aqoqwe yi-Cisco, bheka Ishidi Ledatha Yobumfihlo ye-Cisco Secure Network Analytics. Ukuze uthole usizo, sicela uthinte i-Cisco Support.

-3-

Ilungiselela i-Network Firewall
Ilungiselela i-Network Firewall
Ukuze uvumele ukuxhumana okuvela ezinsizeni zakho kuya emafini, lungiselela i-firewall yenethiwekhi yakho kumphathi wakho we-Cisco Secure Network Analytics (owayekade eyi-Stealthwatch Management Console).
Qiniseka ukuthi ugesi wakho unokufinyelela ku-inthanethi.
Ilungiselela Umphathi
Lungiselela i-firewall yenethiwekhi yakho ukuze uvumele ukuxhumana kusuka kubaphathi bakho kuya kulawa makheli e-IP alandelayo kanye nembobo 443:
l api-sse.cisco.com l est.sco.cisco.com l mx*.sse.itd.cisco.com l dex.sse.itd.cisco.com l eventing-ingest.sse.itd.cisco.com
Uma i-DNS yomphakathi ingavunyelwe, qiniseka ukuthi ulungisa ukulungiswa endaweni kokuthi Abaphathi bakho.

-4-

Ikhubaza Amamethrikhi Empumelelo Yekhasimende
Ikhubaza Amamethrikhi Empumelelo Yekhasimende
Sebenzisa imiyalelo elandelayo ukuze ukhubaze Amamethrikhi Empumelelo Yekhasimende kusisetshenziswa.
1. Ngena kuMphathi wakho. 2. Khetha Hlela > Umhlaba > Ukuphatha Okuphakathi. 3. Chofoza isithonjana (se-Ellipsis) somshini. Khetha Hlela Umshini
Ukucushwa. 4. Chofoza ithebhu ethi Okujwayelekile. 5. Skrolela engxenyeni ethi Izinkonzo Zangaphandle. 6. Susa ukumaka ibhokisi lokuhlola elithi Vumela Imethrikhi Yempumelelo Yekhasimende. 7. Chofoza okuthi Sebenzisa Izilungiselelo. 8. Landela imiyalo esesikrinini ukuze ulondoloze izinguquko zakho. 9. Kuthebhu ye-Central Management Inventory, qinisekisa ukuthi Isimo Sensiza sibuyela kuyo
Ixhunyiwe. 10. Ukuze ukhubaze Amamethrikhi Empumelelo Yekhasimende kwesinye isisetshenziswa, phinda izinyathelo 3 ukuya phambili
9.

-5-

Idatha ye-Metrics Yempumelelo Yekhasimende
Idatha ye-Metrics Yempumelelo Yekhasimende
Uma ama-metrics empumelelo yekhasimende enikwe amandla, amamethrikhi aqoqwa kusistimu futhi alayishwe njalo emahoreni angama-24 emafini. Idatha isuswa entweni ngokushesha ngemva kokuthunyelwa emafini. Asiqoqi idatha yokuhlonza njengamaqembu abasingathi, amakheli e-IP, amagama abasebenzisi, noma amagama ayimfihlo.
Ukuze uthole ulwazi mayelana nokugcinwa kwedatha nokuthi ungacela kanjani ukususwa kwamamethrikhi okusetshenziswa aqoqwe yi-Cisco, bheka Ishidi Ledatha Yobumfihlo ye-Cisco Secure Network Analytics.
Izinhlobo Zokuqoqwa
Imethrikhi ngayinye iqoqwa njengenye yezinhlobo zeqoqo ezilandelayo:
l Ukuqala Kohlelo Lokusebenza: Okukodwa okufakiwe njalo ngomzuzu ongu-1 (kuqoqa yonke idatha kusukela kwaqala uhlelo).
l Okuhlanganisiwe: Okukodwa okufakiwe kwesikhathi samahora angama-24 l Isikhawu: Okukodwa okufakiwe njalo emizuzwini emi-5 (inani lama-288 enkathini yamahora angama-24) l Isifinyezo: Okukodwa okufakiwe kwephuzu ngesikhathi lapho umbiko kukhiqizwa khona.
Ezinye zezinhlobo zeqoqo ziqoqwa kumafrikhwensi ahlukene kunalezo ezimisiwe esizichaze lapha, noma zingase zilungiswe (kuya ngohlelo lokusebenza). Bheka Imininingwane Yemethrikhi ukuze uthole ulwazi olwengeziwe.
Imininingwane Yemethrikhi
Sifake kuhlu idatha eqoqiwe ngohlobo lwento kagesi. Sebenzisa u-Ctrl + F ukuze useshe amathebula ngegama elingukhiye.

-6-

Idatha ye-Metrics Yempumelelo Yekhasimende

Flow Collector

Incazelo ye-Metric Identification

device_cache.active

Inombolo yamakheli e-MAC asebenzayo asuka ku-ISE kunqolobane yamadivayisi.

Uhlobo Lweqoqo
Isifinyezo

device_ cache.deleted
device_ cache.yehliwe
device_cache.new
flow_stats.fps flow_stats.flows
flow_cache.active
i-flow_cache.yehlisiwe
i-flow_cache.iphelile
flow_cache.max flow_ cache.percentage
i-flow_cache.iqalile
hosts_cache.cached

Inombolo yamakheli e-MAC asusiwe ku-ISE kunqolobane yamadivayisi ngoba aphelelwe yisikhathi.

Okuqongelelwe

Inombolo yamakheli e-MAC awehlisiwe asuka ku-ISE ngoba inqolobane yamadivayisi igcwele.

Okuqongelelwe

Inombolo yamakheli amasha e-MAC asuka ku-ISE engezwe kunqolobane yamadivayisi.

Okuqongelelwe

Okuphumayo kugeleza ngesekhondi ngayinye ngomzuzu wokugcina. Isikhawu

Ukugeleza kwangaphakathi kucutshunguliwe.

Isikhawu

Inani lokugeleza okusebenzayo kunqolobane yokugeleza Koqoqo Olugelezayo.

Isifinyezo

Inani lokugeleza lehlile ngenxa yokuthi inqolobane yokugeleza Koqoqo Olugelezayo igcwele.

Okuqongelelwe

Inombolo yokugeleza iphele kunqolobane yokugeleza Koqoqo Olugelezayo.

Isikhawu

Umkhawulo kasayizi wenqolobane yokugeleza Koqoqo Olugelezayo. Isikhawu

Iphesenti lomthamo wenqolobane yokugeleza Koqoqo Olugelezayo

Isikhawu

Inani lokugeleza kwengezwe kunqolobane yokugeleza Koqoqo Olugelezayo.

Okuqongelelwe

Inombolo yabasingathi kunqolobane yomsingathi.

Isikhawu

-7-

Idatha ye-Metrics Yempumelelo Yekhasimende

Incazelo ye-Metric Identification

Uhlobo Lweqoqo

hosts_cache.isusiwe Inombolo yabasingathi esusiwe kunqolobane yosokhaya.

Okuqongelelwe

i-hosts_cache.yehlisiwe

Inani labasingathi lehlile ngenxa yokuthi inqolobane yosokhaya igcwele.

Okuqongelelwe

host_cache.max

Umkhawulo kasayizi wenqolobane yomsingathi.

Isikhawu

host_cache.new

Inombolo yabasingathi abasha engezwe kunqolobane yosokhaya.

Okuqongelelwe

host_ cache.percentage

Iphesenti lomthamo wenqolobane yomsingathi.

Isikhawu

i-hosts_ cache.probationary_ isusiwe

Inani labasingathi abahlolwayo* elisusiwe kunqolobane yabasingathi.
*Abasingathi abangalindelekile bangabasingathi abangakaze babe umthombo wamaphakethe namabhayithi. Laba basokhaya basuswa kuqala lapho kuvuleka isikhala kunqolobane yomsingathi.

Okuqongelelwe

interfaces.fps

Inombolo ephumayo yezibalo zokusebenzelana ngesekhondi ngayinye ethunyelwa ku-Vertica.

Isikhawu

security_events_ cache.active

Inombolo yemicimbi yokuvikela esebenzayo kunqolobane yemicimbi yezokuphepha.

Isifinyezo

security_events_ cache.yehlisiwe

Inombolo yemicimbi yezokuphepha yehlisiwe ngoba inqolobane yemicimbi yezokuphepha igcwele.

Okuqongelelwe

security_events_ cache.iphelile

Inombolo yemicimbi yokuphepha eqediwe kunqolobane yemicimbi yezokuphepha.

Okuqongelelwe

security_events_ cache.inserted

Inombolo yezehlakalo zokuphepha ezifakwe kuthebula lesizindalwazi.

Isikhawu

security_events_ cache.max

Umkhawulo kasayizi wenqolobane yemicimbi yokuvikeleka.

Isikhawu

-8-

Idatha ye-Metrics Yempumelelo Yekhasimende

Incazelo ye-Metric Identification

Uhlobo Lweqoqo

security_events_ cache.percentage

Iphesenti lomthamo wenqolobane yemicimbi yezokuphepha.

Isikhawu

security_events_ cache.started

Inombolo yemicimbi yokuvikela eqalisiwe kunqolobane yemicimbi yezokuphepha.

Okuqongelelwe

session_cache.active

Inombolo yezikhathi ezisebenzayo ezivela ku-ISE kunqolobane yeseshini.

Isifinyezo

iseshini_ inqolobane.isusiwe

Inombolo yezikhathi ezisusiwe ku-ISE kunqolobane yeseshini.

Okuqongelelwe

iseshini_ inqolobane.yehliwe

Inani lezikhathi ezivela ku-ISE lehlile ngoba inqolobane yamaseshini igcwele.

Okuqongelelwe

session_cache.new

Inombolo yamaseshini amasha avela ku-ISE engezwe kunqolobane yeseshini.

Okuqongelelwe

users_cache.active

Inombolo yabasebenzisi abasebenzayo kunqolobane yabasebenzisi.

Isifinyezo

abasebenzisi_inqolobane.isusiwe

Inombolo yabasebenzisi abasusiwe kunqolobane yabasebenzisi ngoba baphelelwe yisikhathi.

Okuqongelelwe

user_cache.yehlisiwe

Inombolo yabasebenzisi yehlisiwe ngoba inqolobane yabasebenzisi igcwele.

Okuqongelelwe

users_cache.new

Inombolo yabasebenzisi abasha kunqolobane yabasebenzisi.

Okuqongelelwe

setha kabusha_ihora

Ihora lokusetha kabusha le-Flow Collector.

N/A

vertica_stats.query_ duration_sec_max

Isikhathi esiphezulu sempendulo yombuzo.

Okuqongelelwe

vertica_stats.query_ duration_sec_min

Isikhathi esincane sokuphendula imibuzo.

Okuqongelelwe

vertica_stats.query_ duration_sec_avg

Isikhathi esimaphakathi sokuphendula umbuzo.

Okuqongelelwe

-9-

Idatha ye-Metrics Yempumelelo Yekhasimende

Incazelo ye-Metric Identification

exporters.fc_count

Inombolo yabathekelisi nge-Flow Collector ngayinye.

Uhlobo Lweqoqo
Isikhawu

I-Flow Collector StatsD

Incazelo ye-Metric Identification

ukuthola.okungenakucutshungulwa_

Inombolo yemiphumela ye-NDR ethathwa njengengacutshungulwe.

ndr-agent.ownership_ registration_yehlulekile

Imininingwane yobuchwepheshe: Inombolo yohlobo oluthile lwamaphutha enzeke ngesikhathi sokucubungula i-NDR.

ndr-agent.upload_ impumelelo

Inombolo yokutholwa kwe-NDR okucutshungulwe ngempumelelo umenzeli.

ukwehluleka kwe-ndr-agent.upload_

Inani lokutholwe kwe-NDR elilayishwe ngempumelelo umenzeli.

ndr-agent.processing_ Inombolo yokwehluleka okubonwe ngesikhathi se-NDR

ukwehluleka

ukucubungula.

ndr-agent.processing_ Inombolo ye-NDR ecutshungulwe ngempumelelo

impumelelo

okutholakele.

ndr-agent.old_file_ susa

Inombolo ye files isusiwe ngenxa yokuthi indala kakhulu.

ndr-agent.old_ registration_delete

Inombolo yokubhaliswa kobunikazi ehoxisiwe ngenxa yokuthi indala kakhulu.

Uhlobo Lweqoqo
Ukuqongelela kusulwa nsuku zonke
Ukuqongelela kusulwa nsuku zonke
Ukuqongelela kusulwa nsuku zonke
Ukuqongelela kusulwa nsuku zonke
Ukuqongelela kusulwa nsuku zonke
Ukuqongelela kusulwa nsuku zonke
Ukuqongelela kusulwa nsuku zonke
Ukuqongelela kusulwa nsuku zonke

- 10 -

Idatha ye-Metrics Yempumelelo Yekhasimende

I-Metric Identification netflow fs_netflow netflow_bytes fs_netflow_bytes sflow sflow_bytes nvm_endpoint nvm_bytes nvm_netflow
all_sal_event all_sal_bytes

Incazelo

Uhlobo Lweqoqo

Isamba samarekhodi e-NetFlow avela kubo bonke abathumeli be-Netflow. Kufaka phakathi amarekhodi e-NVM.

Ukuqongelela kusulwa nsuku zonke

Amarekhodi e-Netflow atholwe ku-Flow Sensors kuphela.

Ukuqongelela kusulwa nsuku zonke

Isamba samabhayithi e-NetFlow atholwe kunoma yimuphi umthumeli we-NetFlow. Kufaka phakathi amarekhodi e-NVM.

Ukuqongelela kusulwa nsuku zonke

Amabhayithi e-NetFlow atholwe ku-Flow Sensors kuphela.

Ukuqongelela kusulwa nsuku zonke

Amarekhodi e-sFlow atholwe kunoma yimuphi umthengisi we-sFlow.

Ukuqongelela kusulwa nsuku zonke

Amabhayithi e-sFlow atholwe kunoma yimuphi umthumeli ngaphandle we-sFlow.

Ukuqongelela kusulwa nsuku zonke

Amaphoyinti okugcina e-NVM abonwa namuhla (ngaphambi kokusetha kabusha kwansuku zonke).

Ukuqongelela kusulwa nsuku zonke

Amabhayithi e-NVM atholiwe (okuhlanganisa ukugeleza, indawo yokugcina, Okuqongelelekayo

kanye namarekhodi e-endpoint_interface).

kusulwe nsuku zonke

Amabhayithi e-NVM atholiwe (okuhlanganisa ukugeleza, indawo yokugcina, Okuqongelelekayo

kanye namarekhodi e-endpoint_interface).

kusulwe nsuku zonke

Yonke imicimbi ye-Security Analytics and Logging (OnPrem) yamukelwe (okuhlanganisa Isisetshenziswa Sokuvikela Esishintshashintshayo kanye Nesisetshenziswa Sokuvikela esingaguquki), kubalwa ngenani lemicimbi etholiwe.

Ukuqongelela kusulwa nsuku zonke

Zonke Izibalo Zokuphepha Nokuloga (OnPrem) Okuqoqwayo

- 11 -

Idatha ye-Metrics Yempumelelo Yekhasimende

I-Metric Identification
ftd_sal_event ftd_sal_bytes ftd_lina_bytes ftd_lina_event asa_asa_event asa_asa_bytes
Umphathi

Incazelo

Uhlobo Lweqoqo

izehlakalo ezitholiwe (okuhlanganisa Isisetshenziswa Sokuvikela Esishintshashintshayo kanye Nesisetshenziswa Sokuvikela esingaguquki, sibalwa ngenani lamabhayithi atholiwe.

kusulwe nsuku zonke

Imicimbi Yezibalo Zokuvikela Nokuloga (OnPrem) (Insiza Yokuphepha Engaguquki) etholwe kumadivayisi e-Firepower Threat Defense/NGIPS kuphela.

Ukuqongelela kusulwa nsuku zonke

Izibalo Zokuvikela Nokuloga (OnPrem) (Insiza Yokuphepha Engaguquki) itholwe kusukela kumadivayisi e-Firepower Threat Defense/NGIPS kuphela.

Ukuqongelela kusulwa nsuku zonke

Amabhayithi e-Data Plane atholwe kumadivayisi e-Firepower Threat Defense kuphela.

Ukuqongelela kusulwa nsuku zonke

Imicimbi Yeplanethi Yedatha itholwe kumadivayisi e-Firepower Threat Defense kuphela.

Ukuqongelela kusulwa nsuku zonke

Imicimbi ye-Adaptive Security Appliance itholwe kumadivayisi e-Adaptive Security Appliance kuphela.

Ukuqongelela kusulwa nsuku zonke

Amabhayithi e-ASA atholwe kumadivayisi e-Adaptive Security Appliance kuphela.

Ukuqongelela kusulwa nsuku zonke

Incazelo ye-Metric Identification

exporter_cleaner_ cleaning_enabled

Ibonisa ukuthi i-Interfaces Engasebenzi kanye Nesicoci Sabathekelisa sivuliwe yini.

Uhlobo Lweqoqo
Isifinyezo

- 12 -

Idatha ye-Metrics Yempumelelo Yekhasimende

Incazelo ye-Metric Identification

Uhlobo Lweqoqo

exporter_cleaner_ inactive_threshold

Inombolo yamahora umthumeli ngaphandle angakwazi ukusebenza ngaphambi kokuthi asuswe.

Isifinyezo

exporter_cleaner_

Ibonisa ukuthi uMcolisi kufanele asebenzise i-

usebenzisa_legacy_cleaner umsebenzi wokuhlanza ifa.

Isifinyezo

exporter_cleaner_ hours_after_reset

Inombolo yamahora ngemva kokusetha kabusha isizinda okufanele sihlanzwe.

Isifinyezo

exporter_cleaner_ interface_without_ status_presumed_ stale

Ibonisa ukuthi ingabe Isicoci siyazisusa yini izixhumi ezibonakalayo ebezingaziwa Umqoqi Ogelezayo ngehora lokugcina lokusetha kabusha, sizithathe njengezingasebenzi.

Isifinyezo

ndrcoordinator.files_ kulayishiwe

Ibonisa ukuthi ingabe ukusetshenziswa kwe-Secure Network Analytics kusebenza njengeSitolo Sedatha.

Isifinyezo

umbiko_uqedile

Igama lombiko kanye nesikhathi sokusebenza ngama-millisecond (Umphathi kuphela).

N/A

umbiko_izimiso

Izihlungi ezisetshenziswa lapho Umphathi ebuza imininingo egciniwe Yokuqoqwa Okugelezayo.
Idatha ithunyelwe ngombuzo ngamunye:
l inombolo enkulu yemigqa l ifaka ifulegi le-interface-data l ifulegi lombuzo osheshayo l iflegi yokubala l ligeleza izihlungi zesiqondiso l ukuhleleka ngekholomu l ifulegi lamakholomu azenzakalelayo l Ifulegi lesikhathi sokuqala kwewindi lesikhathi l Idethi yokuphela kwewindi lesikhathi nesikhathi l Inombolo yemibandela yomazisi bedivayisi l Inombolo yemibandela yomazisi okusebenza

Isifinyezo
Imvamisa: Ngesicelo ngasinye

- 13 -

Idatha ye-Metrics Yempumelelo Yekhasimende

Incazelo ye-Metric Identification

Uhlobo Lweqoqo

l Inombolo yemibandela ye-IPs
l Inombolo yemibandela yobubanzi be-IP
l Inombolo yemibandela yamaqembu okusingatha
l Inombolo yemibandela yokuphekwa kwabasingathi
l Ukuthi imiphumela ihlungwa ngamakheli e-MAC
l Ukuthi imiphumela ihlungwa ngamachweba we-TCP/UDP
l Inombolo yemibandela yamagama abasebenzisi
l Ukuthi imiphumela ihlungwa ngenani lamabhayithi/amaphakethe
l Ukuthi imiphumela ihlungwa ngenani eliphelele lamabhayithi/amaphakethe
l Ukuthi imiphumela ihlungwa ngokuthi URL
l Ukuthi imiphumela ihlungwa ngamaphrothokholi
l Ukuthi imiphumela ihlungwa ngama-id ezinhlelo zokusebenza
l Ukuthi imiphumela ihlungwa ngegama lenqubo
l Ukuthi imiphumela ihlungwa ngenqubo hashi
l Ukuthi imiphumela ihlungwa ngenguqulo ye-TLS
l Inani lama-cipher ku-cipher suite criteria

domain.integration_ ad_count

Inombolo yoxhumo lwe-AD.

Okuqongelelwe

domain.rpe_count

Inani lezinqubomgomo zendima ezilungisiwe.

Okuqongelelwe

isizinda.hg_changes_ count

Izinguquko ekucushweni Kweqembu Lokusingatha.

Okuqongelelwe

- 14 -

Idatha ye-Metrics Yempumelelo Yekhasimende

Incazelo ye-Metric Identification

Uhlobo Lweqoqo

integration_snmp

Ukusetshenziswa komenzeli we-SNMP.

N/A

ukuhlanganiswa_kokuqonda

Izexwayiso ezisongela umhlaba wonke (okwakukade kuyi-Cognitive Intelligence) ukuhlanganiswa kunikwe amandla.

N/A

domain.services

Inombolo yezinsizakalo ezichaziwe.

Isifinyezo

ukubala_okuzenzakalelayo_ kwezinhlelo zokusebenza

Inombolo yezinhlelo zokusebenza echaziwe.

Isifinyezo

smc_users_count

Inombolo yabasebenzisi ku- Web Uhlelo lokusebenza.

Isifinyezo

login_api_count

Inombolo yokungena ngemvume kwe-API.

Okuqongelelwe

login_ui_count

Inombolo ye Web Ukungena ngemvume kohlelo lokusebenza.

Okuqongelelwe

report_concurrency Inombolo yemibiko esebenza kanyekanye.

Okuqongelelwe

i-apicall_ui_count

Inombolo yamakholi we-Manager API asebenzisa i- Web Uhlelo lokusebenza.

Okuqongelelwe

i-apicall_api_count

Inombolo yamakholi we-Manager API kusetshenziswa i-API.

Okuqongelelwe

ctr.inikwe amandla

Impendulo yosongo ye-Cisco SecureX(ngaphambilini ebiyi-Cisco Threat Response) inikwe amandla.

N/A

I-ctr.alarm_sender_ inikwe amandla

Vikela ama-alamu e-Network Analytics kumpendulo yokusongelwa kwe-SecureX anikwe amandla.

N/A

ctr.alarm_sender_ minimal_severity

Ubukhulu obuncane bama-alamu athunyelwe kumpendulo yosongo ye-SecureX.

N/A

I-ctr.enrichment_ inikwe amandla

Isicelo sokucebisa esivela kumpendulo yokusongelwa kwe-SecureX sinikwe amandla.

N/A

ctr.enrichment_limit

Inombolo Yemicimbi Yokuphepha ephezulu ezobuyiselwa empendulweni yokusongelwa kwe-SecureX.

Okuqongelelwe

- 15 -

Idatha ye-Metrics Yempumelelo Yekhasimende

Incazelo ye-Metric Identification

Uhlobo Lweqoqo

ctr.enrichment_period

Isikhathi sokuthi Imicimbi Yokuphepha ibuyiselwe kumpendulo yokusongelwa kwe-SecureX.

Okuqongelelwe

ctr.number_of_ enrichment_requests

Inombolo yezicelo zokucebisa ezitholwe empendulweni yokusongelwa kwe-SecureX.

Okuqongelelwe

ctr.number_of_refer_ Inombolo yezicelo zesixhumanisi se-pivot yoMphathi

izicelo

itholwe kumpendulo yokusongelwa kwe-SecureX.

Okuqongelelwe

ctr.xdr_number_of_ alamu

Isibalo sansuku zonke sama-alamu athunyelwa ku-XDR.

Okuqongelelwe

ctr.xdr_number_of_ izexwayiso

Inani lansuku zonke lezaziso ezithunyelwa ku-XDR.

Okuqongelelwe

ctr.xdr_sender_ inikwe amandla

Iqiniso/Amanga uma ukuthumela kunikwe amandla.

Isifinyezo

indima_yehluleka

Umphathi wendima eyinhloko noma yesibili ehlulekayo ku-cluster.

N/A

domain.cse_count

Inombolo yemicimbi yokuvikela yangokwezifiso ye-ID yesizinda.

Isifinyezo

Izibalo zomphathiD

I-Metric Identification

Incazelo

Uhlobo Lweqoqo

I-ndrcoordinator.analytics_ inikwe amandla

Imaka ukuthi i-Analytics ivuliwe yini. 1 uma yebo, 0 uma cha.

Isifinyezo

ndrcoordinator.agents_ kuthintwayo

Inombolo yabasebenzeli be-NDR abathintwe ngesikhathi sokuxhumana kokugcina.

Isifinyezo

ndrcoordinator.processing_ Inombolo yamaphutha ngesikhathi sokutholwa kwe-NDR

amaphutha

ukucubungula.

Okuqongelelwe

- 16 -

Idatha ye-Metrics Yempumelelo Yekhasimende

I-Metric Identification

Incazelo

Uhlobo Lweqoqo

ndrcoordinator.files_ kulayishiwe

Inombolo yemiphumela ye-NDR elayishiwe ukuze icutshungulwe.

Okuqongelelwe

ndrevents.processing_errors

Inombolo ye files yehlulekile ukucubungula ngenxa yokuthi isistimu ayizange ilethe okutholiwe noma ayikwazanga ukuhlaziya isicelo.

Okuqongelelwe

ndrevents.files_kulayishiwe

Inombolo ye fileezithunyelwe emicimbini ye-NDR ukuze zicutshungulwe.

Okuqongelelwe

sna_swing_client_life

Isibali sangaphakathi samakholi we-API asetshenziswa iklayenti le-SNA Manager Desktop.

Isifinyezo

I-swrm_iyasetshenziswa

Ukuphathwa Kwempendulo: Inani ngu-1 uma Ukuphathwa Kwempendulo kusetshenziswa. Inani lingu-0 uma lingasetshenziswa.

Isifinyezo

imithetho_ye-swrm

Ukuphathwa Kwempendulo: Inombolo yemithetho yangokwezifiso.

Isifinyezo

swrm_action_imeyili

Ukuphathwa Kwempendulo: Inombolo yezenzo zangokwezifiso zohlobo lwe-imeyili.

Isifinyezo

swrm_action_syslog_ umyalezo

Ukuphathwa Kwempendulo: Inombolo yezenzo zangokwezifiso zohlobo lomlayezo we-Syslog.

Isifinyezo

swrm_action_snmp_trap

Ukuphathwa Kwezimpendulo: Inombolo yezenzo zangokwezifiso zohlobo lwe-SNMP Trap.

Isifinyezo

swrm_action_ise_anc

Ukuphathwa Kwezimpendulo: Inombolo yezenzo zangokwezifiso zohlobo lweNqubomgomo ye-ISE ANC.

Isifinyezo

i-swrm_action_webihuku

Ukuphathwa Kwezimpendulo: Inombolo yezenzo zangokwezifiso ze Webuhlobo lwehhuku.

Isifinyezo

swrm_action_ctr

Ukuphathwa Kwezimpendulo: Inombolo yezenzo zangokwezifiso zokusabela ngokusongela Uhlobo lwesigameko.

Isifinyezo

- 17 -

Idatha ye-Metrics Yempumelelo Yekhasimende

I-Metric Identification va_ct va_ce va_hcs va_ss va_ses sal_input_size sal_completed_size
sal_flush_time
u-sal_batches_aphumelele

Incazelo

Uhlobo Lweqoqo

Ukuhlola Ukubonakala: Isikhathi sokusebenza esibaliwe ngama-millisecond.

Isifinyezo

Ukuhlola Ukubonakala: Inombolo yamaphutha (uma isibalo siphahlazeka).

Isifinyezo

Ukuhlola Ukubonakala: Usayizi wempendulo ye-API yesibalo sosokhaya ngamabhayithi (thola usayizi wokuphendula oweqile).

Isifinyezo

Ukuhlola Ukubonakala: Usayizi wempendulo ye-Scanners API ngamabhayithi (thola usayizi wokuphendula oweqile).

Isifinyezo

Ukuhlola Ukubonakala: Usayizi wokuphendula we-API Yemicimbi Yokuphepha ngamabhayithi (thola usayizi wokuphendula oweqile).

Isifinyezo

Inombolo yokungenela kulayini wokufakwayo wepayipi.

Isifinyezo
Imvamisa: iminithi elingu-1

Inani lokufakiwe kumugqa wenqwaba oqediwe.

Isifinyezo
Imvamisa: iminithi elingu-1

Inani lesikhathi kuma-millisecond kusukela ekuguqeni kwepayipi lokugcina.
Itholakala nge-Security Analytics kanye nokuloga (OnPrem) i-Single-node kuphela.

Isifinyezo
Imvamisa: iminithi elingu-1

Inani lamaqoqo abhalwe ngempumelelo ku- file.
Itholakala nge-Security Analytics kanye nokuloga (OnPrem) i-Single-node kuphela.

Isikhawu
Imvamisa: iminithi elingu-1

- 18 -

Idatha ye-Metrics Yempumelelo Yekhasimende

I-Metric Identification sal_batches_processed sal_batches_failed sal_files_moved sal_files_hlulekile u-sal_files_kulahliwe_imigqa_ebhaliwe_isal_imigqa_ecutshunguliwe_imigqa_yosali_yehlulekile

Incazelo

Uhlobo Lweqoqo

Inani lamaqoqo acutshunguliwe. Isikhawu

Itholakala nge-Security Analytics kanye nokuloga (OnPrem) i-Single-node kuphela.

Imvamisa: iminithi elingu-1

Inani lamaqoqo ahlulekile ukuqedela ukubhala ku- file.
Itholakala nge-Security Analytics kanye nokuloga (OnPrem) i-Single-node kuphela.

Isikhawu
Imvamisa: iminithi elingu-1

Inombolo ye files ihanjiswe kuhla lwemibhalo olulungile.
Itholakala nge-Security Analytics kanye nokuloga (OnPrem) i-Single-node kuphela.

Isikhawu
Imvamisa: iminithi elingu-1

Inombolo ye fileehlulekile ukususwa.
Itholakala nge-Security Analytics kanye nokuloga (OnPrem) i-Single-node kuphela.

Isikhawu
Imvamisa: iminithi elingu-1

Inombolo ye files kulahliwe ngenxa yephutha.
Itholakala nge-Security Analytics kanye nokuloga (OnPrem) i-Single-node kuphela.

Isikhawu
Imvamisa: iminithi elingu-1

Inombolo yemigqa ebhalwe kwabaqondisiwe file.
Itholakala nge-Security Analytics kanye nokuloga (OnPrem) i-Single-node kuphela.

Isikhawu
Imvamisa: iminithi elingu-1

Inombolo yemigqa ecutshunguliwe.
Itholakala nge-Security Analytics kanye nokuloga (OnPrem) i-Single-node kuphela.

Isikhawu
Imvamisa: iminithi elingu-1

Inombolo yemigqa ehlulekile ukubhalwa. Isikhawu

Itholakala nge-Security Analytics kanye

Imvamisa:

- 19 -

Idatha ye-Metrics Yempumelelo Yekhasimende

I-Metric Identification
i-sal_total_batches_ iphumelele i-sal_total_batches_ icubungulwe i-sal_total_batches_yehlulekile
sal_total_files_isusiwe
sal_total_files_yehlulekile
sal_total_files_kulahliwe_ingqikithi_yemigqa_ebhaliwe

Incazelo

Uhlobo Lweqoqo

Ukuloga (OnPrem) Indawo eyodwa kuphela.

1 iminithi

Isamba senani lamaqoqo abhalwe ngempumelelo ku- file.
Itholakala nge-Security Analytics kanye nokuloga (OnPrem) i-Single-node kuphela.

Ukuqala Uhlelo Lokusebenza
Imvamisa: iminithi elingu-1

Isamba senani lamaqoqo acutshunguliwe.
Itholakala nge-Security Analytics kanye nokuloga (OnPrem) i-Single-node kuphela.

Ukuqala Uhlelo Lokusebenza
Imvamisa: iminithi elingu-1

Inani lenombolo fileabahlulekile ukuqedela ukubhala ku file.
Itholakala nge-Security Analytics kanye nokuloga (OnPrem) i-Single-node kuphela.

Ukuqala Uhlelo Lokusebenza
Imvamisa: iminithi elingu-1

Inani lenombolo files ihanjiswe kuhla lwemibhalo olulungile.
Itholakala nge-Security Analytics kanye nokuloga (OnPrem) i-Single-node kuphela.

Ukuqala Uhlelo Lokusebenza
Imvamisa: iminithi elingu-1

Inani lenombolo fileehlulekile ukususwa.
Itholakala nge-Security Analytics kanye nokuloga (OnPrem) i-Single-node kuphela.

Ukuqala Uhlelo Lokusebenza
Imvamisa: iminithi elingu-1

Inani lenombolo files kulahliwe ngenxa yephutha.
Itholakala nge-Security Analytics kanye nokuloga (OnPrem) i-Single-node kuphela.

Ukuqala Uhlelo Lokusebenza
Imvamisa: iminithi elingu-1

Isamba senani lemigqa ebhalwe kwereferensi file.
Itholakala nge-Security Analytics kanye

Ukuqala Uhlelo Lokusebenza
Imvamisa: iminithi elingu-1

- 20 -

Idatha ye-Metrics Yempumelelo Yekhasimende

I-Metric Identification
i-sal_total_rows_processed
i-sal_total_rows_feiled sal_transformer_ sal_bytes_per_event sal_bytes_received sal_events_received sal_total_events_received sal_events_dropped

Incazelo

Uhlobo Lweqoqo

Ukuloga (OnPrem) Indawo eyodwa kuphela.

Inani lenombolo yemigqa ecutshunguliwe.
Itholakala nge-Security Analytics kanye nokuloga (OnPrem) i-Single-node kuphela.

Ukuqala Uhlelo Lokusebenza
Imvamisa: iminithi elingu-1

Isamba senani lemigqa ehlulekile ukubhalwa.
Itholakala nge-Security Analytics kanye nokuloga (OnPrem) i-Single-node kuphela.

Ukuqala Uhlelo Lokusebenza
Imvamisa: iminithi elingu-1

Inombolo yamaphutha okuguqulwa kule transformer.
Itholakala nge-Security Analytics kanye nokuloga (OnPrem) i-Single-node kuphela.

Isikhawu
Imvamisa: iminithi elingu-1

Isilinganiso senani lamabhayithi ngomcimbi ngamunye owamukelwe.

Isikhawu
Imvamisa: iminithi elingu-1

Inombolo yamabhayithi atholwe kuseva ye-UDP.

Isikhawu
Imvamisa: iminithi elingu-1

Inombolo yemicimbi etholwe kuseva ye-UDP.

Isikhawu
Imvamisa: iminithi elingu-1

Isamba senani lemicimbi etholwe umzila.

Ukuqala Uhlelo Lokusebenza

Inombolo yemicimbi engahlukaniseki yehlisiwe.

Isikhawu
Imvamisa: iminithi elingu-1

- 21 -

Idatha ye-Metrics Yempumelelo Yekhasimende

I-Metric Identification sal_total_events_dropped sal_events_ignored sal_total_events_ignored sal_receive_queue_size sal_events_per second sal_bytes_per_second sna_trustsec_report_runs
Umqondisi we-UDP

Incazelo

Uhlobo Lweqoqo

Isamba senani lemicimbi engahlukaniseki lehlile.

Ukuqala Uhlelo Lokusebenza
Imvamisa: iminithi elingu-1

Inombolo yemicimbi enganakiwe/engasekelwe.

Isikhawu
Imvamisa: iminithi elingu-1

Isamba senani lemicimbi enganakiwe/engasekelwe.

Ukuqala Uhlelo Lokusebenza
Imvamisa: iminithi elingu-1

Inombolo yemicimbi kulayini wokwamukela.

Isifinyezo
Imvamisa: iminithi elingu-1

Izinga lokungenisa (imicimbi ngomzuzwana).

Isikhawu
Imvamisa: iminithi elingu-1

Izinga lokungenisa (amabhayithi ngomzuzwana).

Isikhawu
Imvamisa: iminithi elingu-1

Inombolo yezicelo zemibiko yansuku zonke ye-TrustSec.

Okuqongelelwe

Incazelo ye-Metric Identification

sources_count

Inombolo yemithombo.

Uhlobo Lweqoqo
Isifinyezo

- 22 -

Idatha ye-Metrics Yempumelelo Yekhasimende

Incazelo ye-Metric Identification

imithetho_ukubala amaphakethe_amaphakethe angafanisiwe_kwehliwe

Inombolo yemithetho. Ubuningi bamaphakethe angenakuqhathaniswa. Amaphakethe alahliwe eth0.

Uhlobo Lweqoqo Lwesifinyezo Isifinyezo Isifinyezo

Zonke Izinsiza

Incazelo ye-Metric Identification

Uhlobo Lweqoqo

inkundla

Inkundla yezingxenyekazi zekhompuyutha (isb: Dell 13G, KVM Virtual Platform).

N/A

i-serial

Inombolo yomkhiqizo wohlelo lokusebenza.

N/A

inguqulo

Vikela inombolo yenguqulo ye-Network Analytics (isb: 7.1.0).

N/A

inguqulo_yakha

Inombolo yokwakha (isb: 2018.07.16.2249-0).

N/A

version_patch

Inombolo yepheshi.

N/A

csm_version

Inguqulo yekhodi ye-Metrics Yempumelelo Yekhasimende (isb: 1.0.24-SNAPSHOT).

N/A

power_supply.status

Izibalo zokuphakelwa kwamandla koMphathi kanye ne-Flow Collector.

Isifinyezo

isihlonzi somkhiqizo se-productInstanceName Smart Licensing.

N/A

- 23 -

Ixhumana Nosekelo
Ixhumana Nosekelo
Uma udinga ukwesekwa kwezobuchwepheshe, sicela wenze okukodwa kwalokhu okulandelayo: l Xhumana ne-Cisco Partner yangakini l Xhumana ne-Cisco Support l Ukuvula icala ngo- web: http://www.cisco.com/c/en/us/support/index.html l Ukuze uthole ukwesekwa kwefoni: 1-800-553-2447 (US) l Ngezinombolo zosekelo zomhlaba wonke: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

- 24 -

Shintsha Umlando

Inguqulo yedokhumenti 1_0

Idethi Eshicilelwe Agasti 18, 2025

Shintsha Umlando
Inguqulo yokuqala.

- 25 -

Ulwazi Lwelungelo Lobunikazi
I-Cisco kanye nelogo ye-Cisco yizimpawu zokuthengisa noma izimpawu zokuthengisa ezibhalisiwe ze-Cisco kanye/noma izinhlaka zayo e-US nakwamanye amazwe. Kuya view uhlu lwezimpawu zokuthengisa ze-Cisco, hamba kulokhu URL: https://www.cisco.com/go/trademarks. Izimpawu zokuthengisa zezinkampani zangaphandle ezishiwo ziyimpahla yabanikazi bazo. Ukusetshenziswa kwegama elithi uzakwethu akusho ubudlelwano bokusebenzisana phakathi kweCisco nanoma iyiphi enye inkampani. (1721R)
© 2025 Cisco Systems, Inc. kanye/noma amanxusa ayo. Wonke Amalungelo Agodliwe.

Amadokhumenti / Izinsiza

I-Cisco Secure Network Analytics [pdf] Umhlahlandlela Womsebenzisi
v7.5.3, Izibalo Zenethiwekhi Ezivikelekile, Izibalo Zenethiwekhi Evikelekile, Izibalo Zenethiwekhi, Izibalo

Izithenjwa

Imaniwali yosebenzisayo

I-Cisco Secure Network Analytics User Guide

Vikela Izibalo Zenethiwekhi

Ulwazi Lomkhiqizo

Imininingwane:

Imiyalo yokusetshenziswa komkhiqizo

Ilungiselela i-Network Firewall:

Ilungiselela Isiphathi:

Ikhubaza Amamethrikhi Empumelelo Yekhasimende:

I-FAQ (Imibuzo Evame Ukubuzwa)

Ngazi kanjani uma I-Metrics Yempumelelo Yekhasimende inikwe amandla?

Iyiphi idatha ekhiqizwa i-Secure Network Analytics?

Amadokhumenti / Izinsiza

Izithenjwa

Shiya amazwana

Khansela impendulo