Best Practices - Network Discovery and SNMP Tables

Advantages to This Approach

By leveraging Blueprints with SNMP Tables, you gain two key advantages. Firstly, you have full control over which attributes you want FireScope to monitor, as most organizations never have need of every one of the thousands of attributes a given network device may support.  Secondly, over time if your needs change and you realize that you want to adjust your data collection or event analysis approach, you only have to modify this one Blueprint and the change will immediately affect every CI that is associated with this Smart Blueprint.

Data Collected and Stored by FireScope SDDM and FireScope Cloud Advisor

As described in our documentation, FireScope SDDM and FireScope Cloud Advisor collect information via an Edge Device (or multiple Edge Devices), which is/are typically deployed inside your networks.  These Edge Devices then forward information to the FireScope App Server Virtual IP.  If you are a SaaS customer, that app server VIP is in one of our hosting data centers.

The purpose of this article is to describe exactly what is collected by the Edge, and what information gets forwarded to the App Server, and therefore stored in our databases.  Keep in mind, if you are a SaaS customer, all the data is encrypted in transit, and at rest.

Here is a list of all the data that the Edge Device can collect, and sending to the App Server(s):

Netflow: Data consists of source IP, destination IP, UDP/TCP Port, amount of data, number of packets.

sFlow: Data consists of source IP, destination IP, UDP/TCP Port, amount of data, number of packets.

Packet Data: Data consists of the packet headers only.  Payloads are discarded.  The header includes the version of IP (which is always set to 4, because IPv4 is being used), the sender’s IP address, the intended receiver’s IP address, the number of packets the message has been broken into, the identification number of the particular packet, the protocol (e.g. 1 for ICMP, 2 for IGMP, 6 for TCP and 17 for UDP) used, the packet length (on networks that have variable length packets), the time to live (i.e., the number of links or hops that the packet can be routed before being allowed to expire) and synchronization data (several bits that help the packet match up to the network).  In the case of HTTP headers, then the destination URL is also extracted.

SNMP Data: This data can consist of any SNMP data that is requested, which can include a great many details about a device.  Typically, this is information like device model, manufacturer, serial number, OS version, port data, disk data, etc.  The information collected is controlled by blueprints you create.

VMware vCenter Data: This data consists of information about the vCenter instance, hosts, and guests.  This includes both inventory and performance data, including manufactures, models, serial numbers, hardware configurations, network configurations, and storage configurations.

Active Directory: If you connect your account to Active Directory, it can import user accounts that you specify.  The only information imported are SAMAccountName, First Name, Last Name, and email address.  No password or group membership information is imported.  Authentication occurs against the AD source.

Credentials: The credentials for SNMP, VMware, and Active Directory are stored on the Edge Device and the App Server, using encrypted fields.

Calculated Attributes: For SDDM and Cloud advisor, there are several calculated attributes, such as the number of CIs in a service, the related services, and number of users connected to services that are stored on the App Server.

Edge Performance Information: The Edge Device collects performance information, in order to display on the Edge Scorecard in your account.  This includes CPU utilization, Memory utilization, Network utilization, and attribute summary data.