CCNA CyberOps SECOPS – Objective 2.3

Identify the elements from a NetFlow v5 record from a security event

Implementing Cisco Cybersecurity Operations (210-255)

When it comes to NetFlow, the 5-tuple is king. Be sure to know the 5-tuple:

- Source IP Address
- Destination IP Address
- Source Port
- Destination Port
- Protocol
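To show where the 5-tuple sits in an actual export, here is an added example (not part of the original notes) that parses a NetFlow v5 datagram using the standard v5 layout of a 24-byte header followed by 48-byte flow records. The function names and the sample flow are constructed for illustration.

```python
import socket
import struct

# NetFlow v5 export layout: 24-byte header, then `count` 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def parse_v5(datagram):
    """Return one dict per flow record in a NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("header count exceeds the records present")
    flows = []
    for i in range(count):
        (src, dst, _nexthop, _in_if, _out_if, packets, octets, _first, _last,
         sport, dport, flags, proto, _tos, _src_as, _dst_as, _smask,
         _dmask) = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),
            "src_port": sport, "dst_port": dport,
            "protocol": PROTOCOLS.get(proto, str(proto)),
            "packets": packets, "bytes": octets,
            "tcp_flags": [n for bit, n in TCP_FLAGS if flags & bit],
        })
    return flows


def sample_datagram():
    """Constructed sample: one TCP flow, 10.1.1.5:49152 -> 203.0.113.80:443."""
    header = HEADER.pack(5, 1, 360000, 1700000000, 0, 1, 0, 0, 0)
    record = RECORD.pack(
        socket.inet_aton("10.1.1.5"), socket.inet_aton("203.0.113.80"),
        socket.inet_aton("10.1.1.1"), 1, 2, 12, 4380, 350000, 359000,
        49152, 443, 0x1B, 6, 0, 0, 0, 24, 0)
    return header + record


if __name__ == "__main__":
    for flow in parse_v5(sample_datagram()):
        print(flow)
```

The `tcp_flags` byte in a v5 record is the cumulative OR of the flags seen across the whole flow, so a single record can show SYN and FIN together.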

Beyond the 5-tuple, NetFlow v9 and IPFIX (the industry standard) allow many other attributes to be recorded.

IOS-XE Configuration of NetFlow

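flow exporter MY_FLOW_EXPORTER
  description Netflow Exporter Example
  ! collector address: 192.0.2.10 is a placeholder, replace with your collector's IP
  destination 192.0.2.10
  export-protocol netflow-v9
  transport udp 2205
flow monitor MY_NETFLOW_MONITOR
  ! a monitor needs an exporter and a record; the predefined record below is an
  ! assumption, and some platforms require a user-defined flow record instead
  exporter MY_FLOW_EXPORTER
  record netflow ipv4 original-input
interface GigabitEthernet1/0/1
  ip flow monitor MY_NETFLOW_MONITOR input
  ip flow monitor MY_NETFLOW_MONITOR output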