Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring the Flow Inspection Level

SUMMARY The flow inspection level determines how much data is analyzed and extracted from the network flows. Each Flow Inspection Level setting provides deeper visibility and extracts more content than the preceding levels.
The following table explains the difference between each inspection level:
Table 1: Flow Inspection Levels
Flow Inspection Level Description
Basic Lowest level of inspection. Flows are detected by 5-tuple, and the number of bytes and packets that are flowing in each direction are counted.
Enriched Each flow is identified and inspected by one of the protocol or domain inspectors, and many kinds of attributes can be generated from that inspection.
Advanced The default setting. The highest level of inspection.

Flows are subjected to more rigorous content extraction processes, including scanning and inspecting the content of the files that it finds.

By default, the Flow Inspection Level for each appliance is inherited from the global setting that is defined in the System Settings on the Admin page. When you change the global setting, the new value is inherited by all Network Insights appliances that are configured to use the global setting. This includes new appliances that you add after the setting is changed.

For the Network Insights appliances, you can override the global setting by configuring a custom inspection level for the individual appliances.

  1. Log in to JSA as an administrator.
  2. To configure the global setting for all appliances, follow these steps:
    1. On the Admin tab, click System Settings.
    2. Click Network Insights Settings.
    3. From the Flow Inspection Level, select the flow rate.
    4. Click Save.
  3. From the menu bar on the Admin tab, click Advanced > Deploy Full Configuration.
    Warning:

    When you deploy the full configuration, JSA services restart. During this time, events and flows are not collected, and offenses are not generated.

  4. Refresh your web browser.

Deploy the Network Insights Processor.