Configuring NetFlow for IBM QRadar

The NetFlow configuration on the Cisco router is as follows:

flow record TAC-IN
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match interface input
 match flow direction
 collect transport tcp flags
 collect counter packets long
 collect timestamp sys-uptime last
!
flow record TAC-OUT
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match interface output
 match flow direction
 collect transport tcp flags
 collect counter bytes long
 collect counter packets long
 collect timestamp sys-uptime last
!
flow exporter QRadar
 destination 10.185.1.99
 source GigabitEthernet0
!
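
The records and exporter above do not export anything until a flow monitor ties them together and is applied to an interface. The following is an added example, not part of the original post, showing one way to complete the configuration. The monitor names TAC-IN-MON and TAC-OUT-MON, the interface GigabitEthernet1, UDP port 2055 and the timeout values are assumptions; the port must match the NetFlow flow source configured on QRadar.

```cisco
! Added example: completes the flow records and exporter shown above.
! Re-entering the exporter adds to it; destination and source stay as configured.
! Assumption: the QRadar flow source listens on UDP 2055.
flow exporter QRadar
 transport udp 2055
 export-protocol netflow-v9
 template data timeout 60
!
! Hypothetical monitor names; each binds one record to the exporter.
! Short cache timeouts keep long-lived flows visible to QRadar promptly.
flow monitor TAC-IN-MON
 record TAC-IN
 exporter QRadar
 cache timeout active 60
 cache timeout inactive 15
!
flow monitor TAC-OUT-MON
 record TAC-OUT
 exporter QRadar
 cache timeout active 60
 cache timeout inactive 15
!
! Assumption: GigabitEthernet1 is the interface whose traffic is monitored.
interface GigabitEthernet1
 ip flow monitor TAC-IN-MON input
 ip flow monitor TAC-OUT-MON output
!
```

After applying it, `show flow exporter QRadar statistics` on the router shows whether export packets are being sent to 10.185.1.99.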

On QRadar, configure NetFlow as shown in the figure below:

 

posted on 2024-12-11 14:39  CyberSecurityBook