| Data Granularity |
| • |
Support 5-minute granularity of traffic monitor |
| • |
Support 1-minute granularity of anomaly detection |
| |
|
| Data Source |
| • |
NetFlow(v1,v5,v7,v9), sFlow(v4,v5), NetStream |
| • |
SNMP v1,v2c get/trap |
| |
|
| Web-based Management Console |
| • |
Multi-language support |
| • |
English / Chinese(Traditional/Simplified) / Japanese |
| |
|
| System Administration |
| • |
Access to Web-based console: HTTP / HTTPS |
| • |
Access to CLI console: Telnet / SSH |
| • |
User authentication: Local / RADIUS / TACACS+ |
| • |
Role-based security: Provides different privileges such as Administrator, Supervisor, View-only, or Sub-Network |
| • |
Alarm notification method: Email to difference users or user groups by scope, severity and resource importance; SNMP trap or Syslog export to third-party management stations. |
| • |
Centralized configuration management |
| • |
Storage options: internal HD(Controller) / NFS |
| • |
Auto-maintenance on disk usage, report data, and log |
| |
|
| Report Format of Traffic Analysis |
| • |
Unit: bps / pps / fps |
| • |
Period: Daily / Weekly / Monthly / Quarterly / Yearly |
| • |
Type: Line / Stacked / Pie / Bar chart & Trend report |
| • |
Presentation: HTML / CSV / PDF / XML |
| |
|
| Capability of Network Modeling |
| According to information of network model, all pre-defined reports will be automatically generated without inextricable configuration for every single report. |
| • |
Home network: defined by CIDR |
| • |
Internet: defined by Circular cut or Segment cut |
| • |
Backbone network: defined by link(interface) |
| • |
Sub-network: defined by CIDR and boundary |
| |
|
| Pre-defined Traffic Analysis |
| • |
Bi-directional(in, out) traffic monitoring |
| • |
Individual and group-aggregated statistics; for instance, router, and sub-network grouping. |
| • |
Attribute analysis with Top-N statistics, including Application, Protocol, Protocol+Port, TOS value, and Packet Size & with outputs of Stacked, Bar, and Pie charts. |
| • |
Top talkers of a sub-network / interface |
| • |
Cross analysis between Sub-Networks. |
| • |
Router performance analysis for CPU load, memory usage, and interface traffic. |
| • |
Interface analysis on traffic-by-flow / traffic-by-SNMP / CRC Error / Discard / Multicast & Broadcast |
|
|
| Rule-based Traffic Analysis |
| • |
Applied on different scopes as Any, Home, or Sub-Network. |
| |
Filtering rules defined by IP block, application, protocol/port, router, interface, TOS, TCP flag, next hop, or packet size |
| |
Custom Top-N report ranked by IP, interface, sub-network, router, TOS, TCP flag, application, protocol/port, next hop, or packet size. |
| |
Able to rebuild rule-based traffic report from historical raw flows. |
| |
|
| Multiple Authorities for Multi-users Support |
| Provide services for the specific sub-network users, including |
| |
Traffic analysis report for the specific sub-network, such as attribute analysis with Top-N statistics, top talkers, and rule-based traffic analysis. |
| |
Offline Report (Daily / Weekly / Monthly) via e-mail delivery |
| |
Anomaly traffic analysis for the specific sub-network |
| |
Anomaly console and alarm notification |
| |
Snapshot tool for instant Top-N and drill-downs |
| |
|
Traffic Snapshot |
| |
Applied on different scopes as Any, Home, Sub-Network, or defined Filters. |
| |
Data Source: Real-time(cache) / Raw Data |
| |
Criteria: IP, protocol/port, interface, TOS, next hop, TCP Flag, Anomaly |
| |
Real-time Top-N report ranked by IP, protocol/port, interface, TCP Flag, TOS value, or next hop. |
| |
Report type: Pie Chart / Top-N table |
| |
Target suspicious flows through drill-downs |
| |
Inspect up to 100 raw flows per request for any user-defined criteria and time duration. |
| |
Generate Cisco compatible ACL according to result of snapshoot drill-downs |
| |
|
Anomaly Traffic Detection |
| |
Detection Scopes: Sub-network-base, Prefix-base, Device-base |
| |
Report for Possible Affected Resources: Sub-Network, Router |
| |
Baselines applicable to network traffic within detection scope. |
| |
Baseline mechanism: static, dynamic learning |
| |
Allow to view and reset historical traffic baseline. |
| |
Trigger Top-N analysis for each anomaly event when : yellow alarm arises / red alarm arises / peak / latest |
| |
Anomaly detected by traffic anomaly, protocol-misuse, and flow-based signature matching(app anomaly) |
| |
Built-in protocol-misuse anomaly detections: Land Attack, ICMP Misuse, UDP Fragment, TCP Fragment, TCP Flag Null or Misuse, IP Protocol Null, TCP SYN Flooding. |
| |
Built-in worm/DDoS attacking signatures: Dark IP, MS Blaster, Sasser, Code Red, SQL Slammer. |
| |
Able to configure signatures' characteristics including Packet / Byte count per Flow, Byte count per Packet, TCP Flag, TOS Value, Protocol, Port, and Dark IP. |
| |
Alarm severity: red, yellow |
| |
|
| Anomaly Console |
| |
Summarize anomaly events and logs at a glance. |
| |
System status checking for GenieATM itself (CPU, memory, DB Disk, number of flows, and packet drops) |
| |
Anomaly event and anomaly detail report querying |
| |
Alert log querying |
| |
Anomaly statistics: Ongoing / In last 24 hours |
|
