User's Guide

ManualsBrandsExtreme Networks ManualsComputers & AccessoriesReal-time Network and Application Insights from the Edge to the Data Center and into the Multi-Cloud

Table Of Contents

ExtremeAnalytics® User GuideVersion 8.4
Legal Notices
Trademarks
Contact
Extreme Networks® Software License Agreement
Table of Contents
ExtremeAnalytics™ Help
- Document Version
ExtremeAnalytics Licensing
- Using Licenses to Establish Flow Rate Capacity
- Getting Started with ExtremeAnalytics
- ExtremeAnalytics Access Requirements
- ExtremeAnalytics Engine Configuration
- Enable Flow Collection
- Enable Jumbo Frames
Configuring Enhanced Netflow for Extreme Analytics and Extreme Wireless Contr...
How to Deploy ExtremeAnalytics in an MSP or MSSP Environment
- Configuring Extreme Management Center Behind a NAT Router
- ExtremeAnalytics Application Data Collection
- Data Collection Overview
- Using Sites to Collect In-Network Traffic
- Data Collector Types
  - General Usage Collectors
    - Hourly General Usage Collectors
    - High-Rate General Usage Collectors
  - End-System Details Collector
- Flow Information Sources
  - Enabling ExtremeControl Integration
- Reports
  - Dashboard Report
  - Browser Reports
ExtremeAnalytics Tab Overview
- Dashboard
- Browser
- Application Flows
- Fingerprints
- Packet Captures
- Configuration
- Reports
ExtremeAnalytics Dashboard Overview
- Insights Dashboard Reports
- Client/Server Dashboard Reports
- Applications Browser Dashboard Report
- Industry Dashboards
- IP Reputation Dashboard
- Response Time Dashboard
- Network Service Dashboard
- Tracked Applications Dashboard
ExtremeAnalytics Insights Dashboard
- Insights
  - Ring Chart
  - Custom Dashboard
- How to Create an ExtremeAnalytics Insights Custom Dashboard
  - Custom Dashboard
  - Graphs
- ExtremeAnalytics Response Time Dashboard
- Overview
- Network Response Time Graph
- Application Response Time Graph
- ExtremeAnalytics Network Service Dashboard
- Overview
- Expected Response Time
- Historical Response Time
ExtremeAnalytics Tracked Applications Dashboard
- Overview
- Expected Response Time
- Historical Response Time
ExtremeAnalytics Browser Overview
- Overview
- Data Aggregation
- Options
ExtremeAnalytics Application Flows
- Overview
- Application Flows Tables
- Report Features
- ExtremeAnalytics Bidirectional Flow Table
- ExtremeAnalytics Unidirectional Flow Table
- ExtremeAnalytics Historical Flow Table
ExtremeAnalytics Fingerprints Overview
ExtremeAnalytics Custom Fingerprints
- Fingerprint Table
  - Menu
  - Column Definitions
Delete Custom Fingerprints
- Deleting a Custom Fingerprint
Custom Fingerprint Examples
- Fingerprints Based on a Flow
- Fingerprints Based on an Application or Application Group
- Fingerprints Based on a Destination Address
Create Custom Fingerprints Based on Flow
- Creating Fingerprints Based on a Flow
Create Custom Fingerprints Based on Destination Address
- Creating Fingerprints Based on a Destination Address
Create Custom Fingerprints Based on Application or Application Group
- Creating Fingerprints Based on an Application or Application Group
ExtremeAnalytics Packet Captures
ExtremeAnalytics Configuration Overview
- Engines
  - Status
  - Configuration
- Virtual Sensors
- Fingerprints
- Licenses
- Status
- Configuration
Virtual Sensors
- Virtual Sensors
- Virtual Machines
ExtremeAnalytics Engine Advanced Configuration
- Flow Collection Type
- Collection Privacy Levels
- Client Aggregation
- Slow Client Data
- Max End-Systems in Hourly Details
- Sensor Log Levels
- Store Application Site Data
- ExtremeControl Integration
- Flow Sources/Application Telemetry Sources
- Web Credentials
- Configuration Properties
- Sensor Modules
- Auditing
- Network Settings
ExtremeAnalytics Reports
- Reports
ExtremeAnalytics Report Descriptions
- Report Descriptions
Add and Modify Fingerprints
- Adding a Fingerprint
- Modifying a Fingerprint
- Enabling or Disabling a Fingerprint
- Deleting a Custom Fingerprint
- Updating Fingerprints
  - Perform a Fingerprint Update
  - Schedule Fingerprint Updates
Add Fingerprints
- Add a Fingerprint
Enable or Disable Fingerprints
- Enabling or Disabling a Fingerprint
Modify Fingerprints
- Modifying a Fingerprint
Update Fingerprints
- Updating Fingerprints
  - Perform a Fingerprint Update
  - Schedule Fingerprint Updates
Custom Fingerprint Examples
- Fingerprints Based on a Flow
- Fingerprints Based on an Application or Application Group
- Fingerprints Based on a Destination Address
How to Deploy ExtremeAnalytics in an MSP or MSSP Environment
- Configuring Extreme Management Center Behind a NAT Router
ExtremeAnalytics Virtual Sensor Configuration in Extreme Management Center
- Prerequisites
- Installing the Virtual Sensor Using the Extreme Management Center Server
  - Install Using Extreme Management Center
    - Configuring the VMware vSphere Module in ExtremeConnect
    - Adding the Virtual Sensor to Extreme Management Center
- Adding the Virtual Sensor in ExtremeAnalytics
- Configuring vCenter Settings for the Virtual Sensor
Stream Flow Data from ExtremeAnalytics into Splunk
- Environment
- Overview
- Part 1 – Making File Level Splunk Modifications
- Part 2 – Creating a New Stream using the Splunk web UI
- Part 3 – Configuring each Analytics Engine to Export IPFIX Data to the Splunk...
- Appendix
Stream Flow Data from ExtremeAnalytics into Elastic Stack
- Environment
- Overview
- Part 1 – Installing and Configuring ElastiFlow and Elastic Stack
- Part 2 – Configuring each Analytics Engine to export IPFIX data to the Elasti...
- Appendix: Files

Reports

60 of 218

Healthcare Dashboard

The Healthcare Dashboard displays applications used in the healthcare

environment including patient care, medical applications, and HIPAA.

Venue Dashboard

The Venue Dashboard displays data grouped according to sports, social media,

news and weather applications, as well as software update applications.

IP Reputation Dashboard

This report displays potential threat activity on your network from IPaddresses

known to be suspicious. IP addresses can be flagged as suspicious for a variety

of reasons, including forced IPanonymity through the use of a Tor exit node,

being listed as a threat by the Emerging Threats project, or classified as

suspicious by internet users. Additionally, each IPaddress classification has its

own recommended course of action, listed below.

l CiArmy Top Attackers — The CiArmy reputation feed is a set of IP addresses tied to

malicious activity defined by a collaborative network security effort backed by the

Emerging Threats project. Any IP communications to addresses in this list from the

local network are suspicious and may indicate that the local IP is involved in various

activities such as command and control communications with the remote host. IP

addresses classified as CiArmy Top Attackers require further investigation.

l Compromised Hosts Connecting Into the Network — IPaddresses that match this

classification are on a list of IP addresses maintained by the Emerging Threats

project. This list consists of a set of IP addresses that appear to have been

compromised by malware, individual actors, worms, botnets, or other means. When

ExtremeAnalytics detects application flows that match an IP from the Compromised

list, this is a likely indicator that systems in the local network are either under attack

or have already been compromised (since the communications may be command

and control directives emanating from the compromised host).

l Connections to Bad Hosts — IP addresses classified as Connections to Bad Hosts are

known to function as command and control nodes for various botnets around the

Internet. Any flows to or from such IP addresses have a high probability of being

associated with botnet command and control traffic.

l Connections to Bad Hosts Based on Port — IP addresses flagged in this classification

are known to function as command and control nodes for botnets based on the port