Encrypted Traffic Analytics (ETA) uses machine learning on an application to determine the flow characteristics such as malware analysis and crypto audit.

Based on the flow-record associated with flow-monitor, the switch creates an exporter template that shows NetFlow records with derived collect fields. If ETA is configured, you do not require to configure NetFlow as NetFlow data for the corresponding flow is also exported along with ETA data.

ETA supports multiple templates for the configuration export. There is one template per ETA attribute and ETA sends individual attribute detail in each template during the export. Sequence of Packet Length and Times (SPLT) and Initial Data Packet (IDP) are stored in separate templates, which are used to generate NetFlow records. Both these NetFlow records are sent for a given application flow.

These templates are sent whenever the data is ready. This helps NetFlow collector to interpret data with correct attribute values. The exporter destination and port is common for all interfaces and this value is provided in the et-analytics global configuration command. The scale number for ETA is 2000 flows per second.

This template export supports only one exporter IP address for an ETA flow-monitor. Multiple template export is supported for NetFlow v9 version.

The ETA information is exported only if any of the following two conditions are met.

• If the data required is computed and the required number of packets are seen by the ETA collector.

• If the established flow remains idle for a period configured as inactive timeout, the partial data will be exported.

Note	The configured inactive timer is applicable globally. Different ports cannot be configured with different values.