Version: Next

Abnormal Traffic

| Key | Field Description | Comments |
| --- | --- | --- |
| | NFO timestamp | Format: Mmm dd hh:mm:ss |
| | NFO server IP address | Format: IPv4_address |
| | NFO server NetFlow source ID | Configurable. |
| nfc_id | Message type identifier | “nfc_id=20191” |
| exp_ip | Network device (exporter) IP address | <IPv4 address> |
| event_type | begin \| cont \| end | <string>, indicates attack current state |
| t_event | NFO time of event | <number>, unix sec. NFO time at the end of the time interval when the event was identified. |
| t_report | NFO time of report | <number>, unix sec. NFO time to which this message pertains |
| protocol | “tcp” \| “udp” \| “icmp” | L4 protocol traffic for which anomaly was observed |
| trend | Trend | <string>, increasing, steady, abating |
| confidence | Confidence score | <number>, A value >= 90 indicating confidence in the event detection |
| t_int | Observation time interval, msec | <number> |
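
The following parser and validator for this message is an added example, not code from NFO or its documentation. It checks each key against the value sets and types in the field table above before the event is passed on to a SIEM or alerting pipeline. The wire layout (the three header fields followed by space-separated key=value pairs), the function name and the sample message are assumptions.

```python
import ipaddress
import re

# Allowed values, taken from the field table on this page.
ALLOWED = {
    "event_type": {"begin", "cont", "end"},
    "protocol": {"tcp", "udp", "icmp"},
    "trend": {"increasing", "steady", "abating"},
}
NUMERIC = ("t_event", "t_report", "confidence", "t_int")
REQUIRED = ("nfc_id", "exp_ip", *ALLOWED, *NUMERIC)

# ASSUMPTION: "<Mmm dd hh:mm:ss> <server IP> <source ID>", then key=value pairs.
HEADER = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<server_ip>\S+) (?P<source_id>\S+) (?P<body>.+)$"
)
PAIR = re.compile(r"(\w+)=(\S+)")


def parse_abnormal_traffic(line):
    """Return a validated dict for one nfc_id=20191 message, else raise ValueError."""
    m = HEADER.match(line.strip())
    if m is None:
        raise ValueError("header does not match the assumed layout")
    event = dict(PAIR.findall(m["body"]))
    missing = [k for k in REQUIRED if k not in event]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    if event["nfc_id"] != "20191":
        raise ValueError(f"unexpected nfc_id {event['nfc_id']}")
    for key, allowed in ALLOWED.items():
        if event[key] not in allowed:
            raise ValueError(f"{key}={event[key]!r} not in {sorted(allowed)}")
    for key in NUMERIC:
        event[key] = int(event[key])  # ValueError on non-numeric input
    event["timestamp"] = m["timestamp"]
    event["source_id"] = m["source_id"]
    # IPv4Address rejects malformed addresses with a ValueError subclass.
    event["server_ip"] = str(ipaddress.IPv4Address(m["server_ip"]))
    event["exp_ip"] = str(ipaddress.IPv4Address(event["exp_ip"]))
    return event


# Constructed sample message (not captured from a real NFO deployment).
SAMPLE = ("Mar 04 10:15:30 192.0.2.10 nfo-1 nfc_id=20191 exp_ip=198.51.100.7 "
          "event_type=begin t_event=1709547300 t_report=1709547330 "
          "protocol=udp trend=increasing confidence=95 t_int=30000")
```

Rejecting messages with unknown `event_type`, `protocol` or `trend` values at ingestion keeps malformed or spoofed syslog lines from reaching detection rules that key on these fields.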