To log NetFlow data to the event log, click the "NetFlow to Event Log" tab, check the "Log to the APPLICATION Event Log" check box and specify the severity under which NetFlow data should be logged. To avoid flooding the Application event log with NetFlow-related alerts, the frequency of NetFlow alerts is limited.
Contains the rules under which NetFlow traffic information should be logged to the event log. Rules can be evaluated based on:
• The IP address
• Geolocation (country, state, city, zip code)
Alert on suspicious IP addresses
Logs event 820 (EventSentry Network Services / NetFlow) to the event log if a suspicious IP address has been encountered. The alert includes the source and destination IP address, affected port, threat count and threat details.
Detect TCP Port Scans
Logs event 801 (EventSentry Network Services / NetFlow) to the event log if a potential port scan was detected:
# of ports: The number of different ports a remote host has to attempt to connect to in order to trigger an alert
Time Interval: The time interval during which the port scan has to occur
Max Bytes: Network packets need to be smaller than or equal to this size to be considered part of a potential port scan
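The three settings above combine into a sliding-window check per remote host. The following Python code is an added example, not EventSentry's own implementation; the record field names, the default threshold values and the reading of Max Bytes as average bytes per packet are assumptions, and the flows are constructed sample data.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:              # simplified NetFlow record (hypothetical field names)
    ts: float            # flow start time in seconds
    src: str             # remote host
    dst_port: int
    proto: str
    packets: int
    nbytes: int

def detect_port_scans(flows, num_ports=10, interval=60.0, max_bytes=128):
    """Return one (src, first_ts, last_ts, ports) tuple per detected scan."""
    recent = defaultdict(deque)          # src -> (ts, port) pairs inside the window
    alerts = []
    for f in sorted(flows, key=lambda x: x.ts):
        # Max Bytes: skip flows whose average packet is larger than the limit
        if f.proto != "tcp" or f.packets == 0 or f.nbytes / f.packets > max_bytes:
            continue
        window = recent[f.src]
        window.append((f.ts, f.dst_port))
        # Time Interval: drop attempts that fell out of the window
        while f.ts - window[0][0] > interval:
            window.popleft()
        ports = sorted({p for _, p in window})
        # "# of ports": distinct destination ports required to alert
        if len(ports) >= num_ports:
            alerts.append((f.src, window[0][0], f.ts, ports))
            window.clear()               # start over so one scan yields one alert
    return alerts

# Constructed sample flows (documentation address ranges)
SAMPLE_FLOWS = (
    # fast scan: 12 ports in 12 s, 60-byte packets
    [Flow(100 + i, "203.0.113.5", 20 + i, "tcp", 1, 60) for i in range(12)]
    # slow scan: one port every 30 s, never 10 ports inside 60 s
    + [Flow(100 + 30 * i, "203.0.113.9", 20 + i, "tcp", 1, 60) for i in range(12)]
    # many ports but large packets: filtered out by Max Bytes
    + [Flow(100 + i, "198.51.100.7", 5000 + i, "tcp", 10, 14000) for i in range(12)]
    # ordinary client: many small flows to a single port
    + [Flow(100 + i, "198.51.100.8", 443, "tcp", 2, 120) for i in range(12)]
)

if __name__ == "__main__":
    for src, start, end, ports in detect_port_scans(SAMPLE_FLOWS):
        print(f"possible port scan from {src}: {len(ports)} ports in {end - start:.0f}s")
```

With these values only the fast scan alerts; widening the time interval also catches the slow scan, which shows the trade-off between the interval and the number of alerts.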