Encrypted Traffic Analytics (ETA) uses machine learning on an application to determine the flow characteristics such as malware
analysis and crypto audit.
Based on the flow-record associated with flow-monitor, the switch creates an exporter template that shows NetFlow records
with derived collect fields. If ETA is configured, you do not require to configure NetFlow as NetFlow data for the corresponding
flow is also exported along with ETA data.
ETA supports multiple templates for the configuration export. There is one template per ETA attribute and ETA sends individual
attribute detail in each template during the export. Sequence of Packet Length and Times (SPLT) and Initial Data Packet (IDP)
are stored in separate templates, which are used to generate NetFlow records. Both these NetFlow records are sent for a given
application flow.
These templates are sent whenever the data is ready. This helps NetFlow collector to interpret data with correct attribute
values. The exporter destination and port is common for all interfaces and this value is provided in the et-analytics global configuration command. The scale number for ETA is 2000 flows per second.
This template export supports only one exporter IP address for an ETA flow-monitor. Multiple template export is supported
for NetFlow v9 version.