Maintenance

This part of the configuration can be found in Settings → Maintenance. This section includes functions for managing device configuration.

All user data can be deleted (Delete data) or you can return the device to the factory settings (Reset to factory defaults). This action includes deleting the configuration and all user data, which includes the deletion of all events. More information on managing the module can be found in the documentation of the Flowmon appliance.

The application stores resolved DNS names for a short time period. It can be deleted by clicking Clear DNS cache.

To make the configuration of devices simpler, Flowmon ADS offers predefined templates of module settings (Apply configuration template). The templates include the configuration of Flow data filters, individual detection techniques, and settings of perspectives. Application of templates can be enforced (Force), which means that the current setting, which conflicts with the selected template, is overwritten. The following templates are available:

• Typical company configuration template – template designed for small and medium-sized organizations. Filter settings include commonly used private addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). Activated detection methods and their settings correspond to the typical security needs of small and medium-sized organizations. Within the perspective settings, the highest priority is given to events that might indicate an attack or a serious breach of network security.

• Large company configuration template – template designed for large enterprises. Filter settings include commonly used private addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). Activated detection methods and their settings correspond to the typical security needs of large-sized organizations. Within the perspective settings, the highest priority is given to events that might indicate an attack or a serious breach of network security.

• Internet service provider trunk template – template designed for large backbone networks. Filters are not part of the template. Activated detection methods and their settings correspond to the typical security needs of ISP networks. The methods focus on massive attacks and anomalies in the network.

It is possible to save the current configuration of the application and restore it if needed. The configuration is not portable between different versions of the application. It can be downloaded or uploaded back to the system in Flowmon Configuration Center → System → Maintenance.

A user may also add their own information about IP addresses from the CSV text file (IP details section) by clicking Import. This additional information can be viewed in the detail of the IP, which contains data from WHOIS and other tools and services. Remember, the import deletes all previous information! The following fields are supported:

• ip: IP address that the information relates to

• host: domain name of the IP address (max. 32 characters)

• username: responsible user (max. 32 characters)

• os: running operating system (max. 50 characters)

• hwconfig: hardware description (max. 1,000 characters)

• role: role of devices on the network (max. 32 characters)

• notes: additional notes (max. 1,000 characters)

The text file consists of a header and records. The header contains the names of all the fields listed above separated by a semicolon. The records themselves must contain the value of the ip field and at least one optional field (host, username, os, hw-config, role, notes). The fields are also separated by a semicolon. It is possible to leave some fields empty (see the example below - hwconfig and notes are not filled on the third line). Each line contains one record. Empty lines are ignored.

Information can be downloaded by clicking Export.