Configuring NetFlow for IBM QRadar
The NetFlow configuration on the Cisco router is as follows:
flow record TAC-IN
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match interface input
 match flow direction
 collect transport tcp flags
 collect counter packets long
 collect timestamp sys-uptime last
!
flow record TAC-OUT
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match interface output
 match flow direction
 collect transport tcp flags
 collect counter bytes long
 collect counter packets long
 collect timestamp sys-uptime last
!
!
flow exporter QRadar
 destination 10.185.1.99
 source GigabitEthernet0
!
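An added example, not part of the original post: a short Python check that parses the two flow records above and lists the statements present in only one of them. Run on the configuration as posted, it shows that TAC-IN has no `collect counter bytes long`, so that record exports no byte count. The function names `parse_records` and `record_diff` are hypothetical.

```python
import re

# Flow records copied from the router configuration above (embedded to run offline).
CONFIG = """\
flow record TAC-IN
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match interface input
 match flow direction
 collect transport tcp flags
 collect counter packets long
 collect timestamp sys-uptime last
!
flow record TAC-OUT
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match interface output
 match flow direction
 collect transport tcp flags
 collect counter bytes long
 collect counter packets long
 collect timestamp sys-uptime last
!
"""

def parse_records(text):
    """Map each 'flow record <name>' to its list of match/collect statements."""
    records, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"flow record (\S+)", line)
        if header:
            current = records.setdefault(header.group(1), [])
        elif line in ("", "!") or line.startswith("flow "):
            current = None  # section ended, or a non-record section began
        elif current is not None:
            current.append(line)
    return records

def record_diff(records, a, b):
    """Statements found in only one record; input/output interface is treated as equal."""
    def norm(stmts):
        return {re.sub(r"^(match interface) (input|output)$", r"\1", s) for s in stmts}
    fa, fb = norm(records[a]), norm(records[b])
    return sorted(fa - fb), sorted(fb - fa)
```

`record_diff(parse_records(CONFIG), "TAC-IN", "TAC-OUT")` returns the statements unique to each record as a pair of sorted lists.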
The NetFlow configuration on QRadar is shown in the figure below:
posted on 2024-12-11 14:39 CyberSecurityBook