netflow filter improvements

Recommended Posts

The newer filter capability is appreciated, but would be even better if more complex logic could be applied (AND/OR/NOT for multiple filters) to really focus on specific types of traffic while excluding others.  For interfaces, glob matches would be very helpful.  For src/dst address match, please allow for prefix matching as well as host matching.


Share this post

Link to post
Share on other sites

I see all the crickets have come to this F/R to hang out.  This is a pretty important improvement for using NetFlow for incident research.  For example, if you find an IP that is doing a lot of traffic while trying to identify a problem and that IP is harmless, I should be able to filter the harmless IP out of my search as I iterate.  There is currently no non-API way to do this.  If the filters could be complex with AND/OR/NOT and groups, then it would be much simpler to make use of the data for real world investigations. 

Similarly, it seems like saved filters are per-user and it would be far more useful if they could be shared across multiple users.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now