Get the most out of the profiles in Flowmon Monitoring Center

Today we will learn the concept of profiles in Flowmon Monitoring Center and examples how to get the most out of them.

What is Profile

A profile is a specific view on the flow data. Profiles are defined in Flowmon Monitoring Center (FMC) and used not only in Analysis in FMC, but also in other Flowmon modules. The profile is defined by its name, parent profile, type and one or more profile filters. You can switch among the available profiles using the profiles menu on the left side of the page.
 

Flowmon Monitoring Center - Profile Page
 

Profiles Types

A profile can be either of type History or Continuous. A history profile starts and ends back in the past and remains static. It neither grows nor expires. A continuous profile may start in the past and is continually updated while new flow data becomes available. It grows dynamically and may have its own expire values set. Old data expires after a given amount of time or when a certain profile size is reached. Additionally, a profile can be created as a Shadow profile, which means no flow data is collected, and therefore saves disk space. A shadow profile accesses the data of its parent profile when data processing is done with the proper profile filters applied first. A special type of profile is profile AllSources. This profile is on the top of the profiles hierarchy. It contains all flow data collected and cannot be deleted. All profiles in FMC are generated from data collected to profile AllSources - i.e. they are subprofiles of AllSources. For this reason, every profile but AllSources has its parent profile defined. It means it is built from data of its parent profile.

Profile creation

Click the button to create a new profile Edit profile New profile...

 
Creating new profile - edit profile

 

Creating new profile - add new profile

 

You can add any number of channels to each profile. Each color corresponds to one color in the chart. You can add a new channel by clicking the Add New Channel button at the bottom left. Parameter Color, Position above / below the x-axis, and order in the graph (you change by dragging the created channel in the list) set the appearance of the data in the graph. You can define the processed data by setting Filter and Parental Channels. For the Filter content, the same syntax and rules are defined as for data processing in the Analysis tab. In the Parental Channels box, the source data for the channel calculation is set. There are two options available here: All Channels and Selected Channels. Selecting All Channels will select all parental channels, including those created in the future.

 
Edit profile dialog with profile and channels configuration

 

Examples of profile types

The monitored network communication environment is individually tailored from a network concept to each company. However, some network elements or services can often be applied to most conceptual solutions, such as mail communication protocols, SMB protocol communications, or, for example, outbound or inbound communication on network perimeters.
When creating profiles, however, we need to think that on a regular basis we will want to monitor the filter-based operation that these profiles will interpret in visual form, so it is good to focus on a interesting operation, critical services, or networking.

Featured Reports

  • Critical services accessed by users on a local network or from internet network (communication to application ports or servers running these applications)

Profile with critical services
 
  • Devices / servers necessary for organizational functionality (tracking outgoing and incoming communications to the IP address of the machines)

Profile with critical servers
 
  • Communication from and to the Internet (tracking and comparing overall communication in both directions)

Profile with communication into the Internet
 
  • Data storage and view of its communication (in case of malicious code on the network, it is possible to observe deviations compared to normal communication)

Profile with SMB traffic
 
  • Branches and communications across individual network segments (organizations often want to keep an eye on the communication within each branch)

Profile with traffic in different locations (branches)
 
  • Cloud applications and communication towards them (using cloud resources is already a natural thing and companies are starting to use services in the cloud more and more)

Profile with traffic with cloud service Office 365
  • Business applications and communication towards them (the importance of proper application functioning for the proper functioning of the company is an essential element that needs to be addressed)

Profile for business applications
 


Through this blog post, we tried to outline the FMC user and describe the options for creating profiles and their essentials. These examples of defining basic profile reports can be expanded by several additional filters associated with a specific traffic that is individual in terms of the diversity of the concept of networks. Do not be afraid to experiment with your own profiles or get inspired in our online demo.