Collector is currently in beta testing and active development.
For all comments and suggestions, please write to support.
Collector allows you to detect attacks without directing traffic to MITIGATOR and enable protection for individual policies (protected resources):
Autodetection provides two main features:
Global MITIGATOR countermeasures can be enabled and disabled by thresholds associated with counters on device interfaces and their combinations:
The functionality is advanced and is currently not available from the interface.
Integration requires a working MITIGATOR and a Collector that accepts flows from network devices. Interaction scheme with default parameters:
All settings are made through environment variables, which are set in the .env file.
The picture and listing show the same default values:
COLLECTOR_NETFLOW_V5_PORT=9555
COLLECTOR_NETFLOW_V9_PORT=9995
COLLECTOR_IPFIX_UDP_PORT=4739
COLLECTOR_IPFIX_TCP_PORT=4739
COLLECTOR_SFLOW_PORT=6343
COLLECTOR_CLICKHOUSE_ADDRESS=clickhouse.mitigator:9000
COLLECTOR_METRICS_PORT=50054
COLLECTOR_API_PORT=50055
The port for IPv6 traffic is set automatically to the IPv4 port plus one. For example, NetFlow v5 over IPv6 uses port 9556 by default.
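Because of the IPv6 rule above, every flow variable in .env opens two ports, which matters when writing firewall rules or moving a port next to another one. The following is an added example, not part of MITIGATOR: it derives the full listener list from a .env file and flags any port claimed twice. It assumes the plus-one rule applies only to the five flow-listener variables, and it conservatively treats a transport/port pair shared across address families as a conflict.

```python
# Added example, not MITIGATOR code. Rule from this page: IPv6 port = IPv4 port + 1.
DEFAULTS = {  # variable -> (transport, default port); defaults from the listing
    "COLLECTOR_NETFLOW_V5_PORT": ("udp", 9555),
    "COLLECTOR_NETFLOW_V9_PORT": ("udp", 9995),
    "COLLECTOR_IPFIX_UDP_PORT": ("udp", 4739),
    "COLLECTOR_IPFIX_TCP_PORT": ("tcp", 4739),
    "COLLECTOR_SFLOW_PORT": ("udp", 6343),
}

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip("\"'")
    return env

def listeners(env):
    """Return [(variable, family, transport, port)] for every flow listener."""
    out = []
    for var, (proto, default) in DEFAULTS.items():
        port = int(env.get(var, default))
        if not 1 <= port <= 65534:  # port + 1 must also be a valid port
            raise ValueError(f"{var}={port} leaves no room for the IPv6 port")
        out.append((var, "ipv4", proto, port))
        out.append((var, "ipv6", proto, port + 1))
    return out

def collisions(entries):
    """Find (transport, port) pairs claimed by more than one listener."""
    seen, clashes = {}, []
    for var, family, proto, port in entries:
        key = (proto, port)
        if key in seen:
            clashes.append((proto, port, seen[key], (var, family)))
        seen.setdefault(key, (var, family))
    return clashes

# Constructed sample: v5 moved to 9994, so its IPv6 port lands on the v9 port.
SAMPLE_ENV = "COLLECTOR_NETFLOW_V5_PORT=9994\nCOLLECTOR_NETFLOW_V9_PORT=9995\n"

if __name__ == "__main__":
    rows = listeners(parse_env(SAMPLE_ENV))
    print(*rows, sep="\n")
    print("collisions:", collisions(rows))
```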
On the MITIGATOR side, the list of Collector units is configured via the web interface or API.
For example, to match the parameters in the picture, specify the address collector-backend.mitigator and port 8853.