Flow Analytics ConfigurationΒΆ

The Admin > Flow Analytics page is used to manage settings for individual FA algorithms. Its main view consists of an overview of all current FA algorithm settings and includes a graph showing frequency by algorithm.

The table lists the following information for each FA algorithm:

  • State (green: Enabled, grey: Disabled)

  • Number of Exporters

  • Number of defined exclusions

  • Number of associated Alarm Policies

For additional information on FA algorithms and configuration recommendations, see the Flow Analytics configuration guide.

Algorithm settings

From the main view, click on an algorithm to open its configuration tray.

The tray is divided into the following sections:

Sources

Exporters and Security Groups for which the algorithm has been enabled

Exclusions

IP addresses, IP ranges, subnets, domains (by reverse DNS), and IP Groups whose traffic will not be monitored using the algorithm

Settings

Additional settings that are exclusive to the current algorithm

Note

Settings that do not apply to the current algorithm will be excluded from the tray.

Important

Certain features, such as host indexing, top x monitoring, and Report Threshold Alarms require the corresponding FA algorithm to be enabled.

An algorithm can also be disabled or re-enabled from its configuration tray.

Bulk actions

When one or more algorithms are selected, the following bulk actions can be accessed via the Bulk Actions button:

  • Adding sources (Exporters and/or Security Groups)

  • Disabling and enabling

Additional page options

  • Filtering options can be accessed by clicking the Filters button.

  • General page options, such as the number of entries shown and export actions, can be accessed by clicking the Options (gear) button.