SevOne

Apply Machine Learning to Flow Data in SevOne 

Thu December 14, 2023 06:35 AM

Purpose of the Workflow:  Monitor flow data as metric data in order to apply ML on the flow data

Description: SevOne can apply machine learning analytics to network metrics to learn normal behaviour and detect anomalies. However, this does not apply to flow data.

With this workflow we will transform flow data into metric data, allowing SevOne to perform the usual ML to learn normal behaviour from the original flow data.

List of requirements:

  • Rapid Network Automation Version: 1.1 or newer
  • SevOne Version: 6.6.0 or newer
  • Environment Required:
      • NMS Credentials
      • Flow view with the fields source IP, destination IP, service profile and bandwidth
      • Device group where all the apps discovered (service profiles) are included

Setup:

  • Create flow view with fields source IP, destination IP, service profile and bandwidth
  • Create device group that includes apps discovered
  • Extract file (attached)
  • Import workflow
  • Create job to run this workflow every 15 minutes

Expected Results:

In SevOne, the workflow creates a list of new devices whose names start with "Flow App - ". Each device's objects are the combinations of source IP and destination IP found using that application, and each object contains one indicator named 'traffic'.
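The mapping described above, as an added sketch that is not the attached workflow's code and does not call any SevOne API. The row field names, the object naming format, and summing bandwidth for repeated source/destination pairs are assumptions; the sample rows are constructed.

```python
from collections import defaultdict

DEVICE_PREFIX = "Flow App - "  # device name prefix stated in the post
INDICATOR = "traffic"          # indicator name stated in the post

# Constructed sample rows carrying the four flow-view fields the post requires.
SAMPLE_ROWS = [
    {"source_ip": "10.0.0.5", "destination_ip": "10.0.1.20", "service_profile": "HTTPS", "bandwidth": 1200.0},
    {"source_ip": "10.0.0.5", "destination_ip": "10.0.1.20", "service_profile": "HTTPS", "bandwidth": 300.0},
    {"source_ip": "10.0.0.7", "destination_ip": "10.0.1.20", "service_profile": "HTTPS", "bandwidth": 50.0},
    {"source_ip": "10.0.0.5", "destination_ip": "10.0.2.53", "service_profile": "DNS", "bandwidth": 8.0},
    {"source_ip": "10.0.0.9", "destination_ip": "10.0.2.53", "service_profile": "", "bandwidth": 4.0},
]


def flows_to_metrics(rows):
    """Group flow rows into device -> object -> {'traffic': total bandwidth}.

    Returns (metrics, skipped). Rows with a missing field or an unusable
    bandwidth value go to `skipped` rather than creating a blank-named device.
    """
    devices = defaultdict(lambda: defaultdict(float))
    skipped = []
    for row in rows:
        app = (row.get("service_profile") or "").strip()
        src = (row.get("source_ip") or "").strip()
        dst = (row.get("destination_ip") or "").strip()
        try:
            bandwidth = float(row.get("bandwidth"))
        except (TypeError, ValueError):
            bandwidth = None
        if not (app and src and dst) or bandwidth is None or bandwidth < 0:
            skipped.append(row)
            continue
        # Assumed object name; the post only says one object per src/dst pair.
        devices[DEVICE_PREFIX + app][f"{src} -> {dst}"] += bandwidth
    metrics = {
        device: {obj: {INDICATOR: total} for obj, total in objects.items()}
        for device, objects in devices.items()
    }
    return metrics, skipped


if __name__ == "__main__":
    metrics, skipped = flows_to_metrics(SAMPLE_ROWS)
    for device, objects in sorted(metrics.items()):
        for obj, indicators in sorted(objects.items()):
            print(device, "|", obj, "|", indicators)
    print("skipped rows:", len(skipped))
```

Each scheduled run would produce one 'traffic' value per object, which is the time series the baseline is learned from.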

Attachment(s)
7z file
Netflow Baseline_2023-12-11_10_37_41_2.7z   1 KB   1 version
Uploaded - Thu December 14, 2023

Comments

Wed April 17, 2024 03:51 PM

Missing flow URL: admin/User/SevOne Ingest Data - APIv3 (new v3 version).  Perhaps try exporting it using absolute paths. 

Also 7zip archives cannot be imported.  So use .zip files please.