Subnet groups

Subnet groups#

Because Endpoint Analytics monitors all network traffic and NetFlow data forwarded to its monitoring interface(s), it is necessary to limit its collection functions to cover only endpoints of interest by specifying the networks or address spaces those endpoints are associated with.

The Configuration > Subnet Groups submenu of the web interface allows users to manage the subnet groups and address blocks whose network traffic and NetFlow data should be processed by the system.

Important

At least one subnet group with a valid address block must be added to the system before Endpoint Analytics can start collecting data.

Adding a subnet group#

To add a new subnet group to the system, follow these steps:

  1. Select the Add Subnet Group option from the Subnet Groups configuration submenu.

  2. Enter a name for the subnet group, and then click Continue.

  3. On the Edit Subnet Group page, click the Add button, and then enter the address block in CIDR format in the popup that opens.

Hint

To add multiple address blocks, use the Add Multiple Address Blocks button and enter one address block per line in the popup.

  1. (Optional) To add an IP address space to exclude from the address block, click the Add (or Add Multiple Address Blocks) button under the Exclude section of the page. These buttons will be greyed out if an internal address block has yet to be added.

  2. Under the Listening Interfaces section of the page, click the Add New Interface button, and then select an interface name from the dropdown in the popup that opens.

  3. If needed, enter a filter as a tcpdump/lipcap style expression to define which packets should be accepted by the system before clicking the Add button to add the interface.

Note

If no filter is entered, all packets received via the selected interface will be accepted.

  1. Enable NetFlow collection by clicking the Edit NetFlow button and ticking the checkbox in the popup that opens (this will also enable sFlow collection on port 6343 by default). If necessary, enter a new port for sFlow collection before clicking the Save NetFlow button.

  2. Return to the top of the page, and save the subnet group configuration by clicking the Save button.

Editing subnet group settings#

To modify the configuration of an existing subnet group, follow these steps:

  1. Select the List Subnet Groups option from the Subnet Groups configuration submenu.

  2. Click on the name of the subnet group to open the Edit Subnet Group page.

  3. Make the necessary changes to the subnet group configuration.

  4. Click the Save button to save the current configuration.

Note

The name of a subnet group cannot be edited. If a new subnet group name is needed, delete the existing subnet group and create a new one with the same configuration.

Deleting a subnet group#

To permanently delete a subnet group from the system, follow these steps:

  1. Select the List Subnet Groups option from the Subnet Groups configuration submenu.

  2. Click on the name of the subnet group to open the Edit Subnet Group page.

  3. Click the Delete button and read the warning in the confirmation popup.

  4. Click Yes to confirm the deletion and return to the main subnet group list page.

Contents