
Basic Inspection

SUMMARY: The Basic inspection level supports high bandwidth but generates the least amount of flow information. At the Basic inspection level, Network Insights creates standard flow records known as data flows.

Note:

The data must exist in the source content so that the field is populated in JSA. For example, some content is populated by the X-Force Threat Intelligence feed, but the field may appear empty in JSA if the information is not available in X-Force.

The following table shows the fields that are populated when Network Insights is configured to use the Basic inspection level.

Table 1: Content that is Populated with the Basic Inspection Level

| Query builder name | Advanced search name | Data source |
| --- | --- | --- |
| Application | applicationid | Multiple sources, such as Inspectors and X-Force. The attribute is populated by default. |
| Customer VLAN ID | "customer vlan id" | Populated only when the flow source or destination address came from 802.1q VLAN header data. |
| Destination DSCP | destinationdscp | IP quality of service derived from the IPv4 or IPv6 header of the flow packet. |
| Destination Flags | destinationflags | TCP header of the flow packet. |
| Destination IP address | destinationip | IPv4 or IPv6 header of the flow packet. |
| Destination Port | destinationport | TCP or UDP header of the flow packet. |
| Enterprise VLAN ID | "enterprise vlan id" | Populated only when the flow source or destination address came from 802.1q VLAN header data. |
| First Packet Time | firstpackettime | Assigned by Network Insights. |
| Flow ID | flowid | Assigned by Network Insights. |
| IP protocol | protocolid | IPv4 or IPv6 header of the flow. |
| Last Packet Time | lastpackettime | Assigned by Network Insights. |
| Source DSCP | sourcedscp | IP quality of service derived from the IPv4 or IPv6 header of the flow packet. |
| Source Flags | sourceflags | TCP header of the flow packet. |
| Source IP address | sourceip | IPv4 or IPv6 header of the flow packet. |
| Source port | sourceport | TCP or UDP header of the flow packet. |
| Total bytes per packet | sourcebytes, destinationbytes | Assigned and maintained by Network Insights*. |
| Total Packets | sourcepackets, destinationpackets | Assigned and maintained by Network Insights*. |
| VLAN Tag | "vlan tag" | Populated only when the flow source or destination address came from 802.1q VLAN header data. |
| VXLAN Network Identifier | "vxlan network indentifier" | Populated only when the flow contains VXLAN header data. |