Powered by Zoomin Software. For more details please contactZoomin

Flowmon ADS User Guide

Table of Contents

Event Evidence

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: May 1, 2026
  • 2 minute read
    • Flowmon Products
    • Flowmon Anomaly Detection System
    • Documentation

The Event evidence view allows you to export the evidence (network data flows based on which the event has been detected) from the application.

The event evidence is part of the Event Detail. If the event has some flows attached directly to the event (the Attached Flows feature), the Monitoring Center and Attached Flows sub-tabs are displayed. If the Attached flows are missing, the Monitoring Center is displayed and no sub-tabs are available.

The Attach Flow sub-tab shows the first 20 flows based on which the event was created. ADS captured these during the detection and stored them in the ADS database as a part of the event. This feature can be enabled in Settings → System settings → Storage Settings.

The Monitoring Center sub-tab shows flows stored in the Monitoring Center. They are loaded using the Monitoring Center Query filter when displaying the Event Evidence. You can show and copy this filter to the clipboard by clicking Show query for FMC or opening the FMC with the pre-filled time range, filter, and data feed channels directly by clicking Open in FMC and add to filter. Note that the Monitoring Center Query filter is defined as per the detection method and does not limit flows to the particular subtype of the method. The flow data from the Monitoring Center may not be available right after the detection of the event. This is caused by utilizing the stream processing of flow data - the event is detected before the flows (that were used for detection) are stored on the disk.

Event Evidence contains a histogram that visualizes relations between various pairs of variables. The histogram is followed by a table of raw flows including:

  • The source and the target IP address

  • Timestamp of the data flow

  • Duration

  • Protocol

  • Source and destination port

  • Volume of transferred data

  • Number of transmitted packets

  • Type of service

  • Additional information according to the type of flow.

You can filter the flows by one of the columns. You can define the filter by choosing the list of columns, and the list of relations, and by writing the value into the text box.

The flows of the single network connection between two devices (the same or reversed source IP address, destination IP address, source port, destination port, and protocol) can be highlighted using the context menu (the icon of a brush at the beginning of the row) over the single flows (Context menu → Follow flow). The flows without a corresponding opposite flow can be highlighted using the Context menu → Single flow item.

The list shown in the user interface is limited to 10,000 flows. The exported text file, which can be downloaded by clicking Export data, includes a full list of the flow records.

TitleResults for “How to create a CRG?”Also Available inAlert