{"id":1691,"date":"2025-06-03T14:45:11","date_gmt":"2025-06-03T12:45:11","guid":{"rendered":"https:\/\/www.sycope.com\/post\/what-is-netflow-and-how-is-this-protocol-used-in-practise"},"modified":"2025-11-05T11:20:18","modified_gmt":"2025-11-05T10:20:18","slug":"czym-jest-netflow-i-jak-wykorzystuje-sie-go-w-praktyce","status":"publish","type":"post","link":"https:\/\/www.sycope.com\/pl\/post\/czym-jest-netflow-i-jak-wykorzystuje-sie-go-w-praktyce","title":{"rendered":"Czym jest NetFlow i jak ten protok\u00f3\u0142 jest wykorzystywany w praktyce?"},"content":{"rendered":"<p><span data-contrast=\"auto\">Technologia NetFlow umo\u017cliwia administratorom i zespo\u0142om bezpiecze\u0144stwa <\/span><b><span data-contrast=\"auto\">dok\u0142adne zrozumienie, kto, kiedy i w jaki spos\u00f3b korzysta z zasob\u00f3w sieciowych<\/span><\/b><span data-contrast=\"auto\">. To w\u0142a\u015bnie ona stanowi podstaw\u0119 dla analizy wydajno\u015bci, planowania pojemno\u015bci, a przede wszystkim \u2013 dla wykrywania zagro\u017ce\u0144 i anomalii w ruchu.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">W tym artykule znajdziesz <\/span><b><span data-contrast=\"auto\">kompletny przewodnik po NetFlow<\/span><\/b><span data-contrast=\"auto\"> \u2013 od podstaw dzia\u0142ania, przez najwa\u017cniejsze standardy rynkowe (IPFIX, sFlow), a\u017c po zaawansowane zastosowania w cyberbezpiecze\u0144stwie i optymalizacji infrastruktury. Dowiesz si\u0119 tak\u017ce, w jaki spos\u00f3b <\/span><b><span data-contrast=\"auto\">Sycope<\/span><\/b><span data-contrast=\"auto\"> wykorzystuje dane NetFlow, aby dostarcza\u0107 zespo\u0142om IT i SecOps realnej wiedzy o tym, co dzieje si\u0119 w ich sieci.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_81 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.sycope.com\/pl\/post\/czym-jest-netflow-i-jak-wykorzystuje-sie-go-w-praktyce\/#Jak_dziala_NetFlow_Architektura_i_kluczowe_pojecia\" >Jak dzia\u0142a NetFlow? Architektura i kluczowe poj\u0119cia\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.sycope.com\/pl\/post\/czym-jest-netflow-i-jak-wykorzystuje-sie-go-w-praktyce\/#Ewolucja_i_standardy_rynkowe_%E2%80%94_NetFlow_vs_IPFIX_vs_sFlow\" >Ewolucja i standardy rynkowe \u2014 NetFlow vs. IPFIX vs. sFlow\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.sycope.com\/pl\/post\/czym-jest-netflow-i-jak-wykorzystuje-sie-go-w-praktyce\/#Praktyczne_zastosowania_%E2%80%94_na_jakie_pytania_odpowie_Ci_NetFlow\" >Praktyczne zastosowania \u2014 na jakie pytania odpowie Ci NetFlow?\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.sycope.com\/pl\/post\/czym-jest-netflow-i-jak-wykorzystuje-sie-go-w-praktyce\/#NetFlow_jako_fundament_cyberbezpieczenstwa_SecOps\" >NetFlow jako fundament cyberbezpiecze\u0144stwa (SecOps)\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.sycope.com\/pl\/post\/czym-jest-netflow-i-jak-wykorzystuje-sie-go-w-praktyce\/#NetFlow_w_optymalizacji_i_planowaniu_sieci_NetOps\" >NetFlow w optymalizacji i planowaniu sieci (NetOps)\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.sycope.com\/pl\/post\/czym-jest-netflow-i-jak-wykorzystuje-sie-go-w-praktyce\/#Od_danych_NetFlow_do_wiedzy_biznesowej_z_Sycope\" >Od danych NetFlow do wiedzy biznesowej z Sycope\u00a0<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Jak_dziala_NetFlow_Architektura_i_kluczowe_pojecia\"><\/span><span class=\"TextRun SCXW201884265 BCX0\" lang=\"PL-PL\" xml:lang=\"PL-PL\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW201884265 BCX0\" data-ccp-parastyle=\"heading 2\">Jak dzia\u0142a <\/span><span class=\"NormalTextRun SpellingErrorV2Themed SCXW201884265 BCX0\" data-ccp-parastyle=\"heading 2\">NetFlow<\/span><span class=\"NormalTextRun SCXW201884265 BCX0\" data-ccp-parastyle=\"heading 2\">? Architektura i kluczowe poj\u0119cia<\/span><\/span><span class=\"EOP SCXW201884265 BCX0\" data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:299,&quot;335559739&quot;:299}\">\u00a0<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span data-contrast=\"auto\">Widoczno\u015b\u0107 w sieci zaczyna si\u0119 od zrozumienia, jak dane o ruchu s\u0105 rejestrowane i przetwarzane. NetFlow nie analizuje pojedynczych pakiet\u00f3w \u2013 jego si\u0142\u0105 jest to, \u017ce grupuje je w logiczn\u0105 jednostk\u0119 zwan\u0105 <\/span><b><span data-contrast=\"auto\">przep\u0142ywem (flow)<\/span><\/b><span data-contrast=\"auto\">. Dzi\u0119ki temu administratorzy mog\u0105 spojrze\u0107 na ruch z perspektywy komunikacji mi\u0119dzy systemami, a nie chaotycznego strumienia pakiet\u00f3w.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><\/h3>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Czym jest przep\u0142yw (flow)? \u2013 fundament NetFlow<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Przep\u0142yw to <\/span><b><span data-contrast=\"auto\">seria pakiet\u00f3w przesy\u0142anych w jednym kierunku<\/span><\/b><span data-contrast=\"auto\"> mi\u0119dzy dwoma punktami komunikacji, kt\u00f3re maj\u0105 ten sam zestaw siedmiu cech \u2013 tzw. <\/span><b><span data-contrast=\"auto\">7-tuple<\/span><\/b><span data-contrast=\"auto\">:<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ol>\n<li><span data-contrast=\"auto\">Adres IP \u017ar\u00f3d\u0142owy<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Adres IP docelowy<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Port \u017ar\u00f3d\u0142owy<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Port docelowy<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Protok\u00f3\u0142 (TCP, UDP itp.)<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Interfejs wej\u015bciowy<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Interfejs wyj\u015bciowy<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ol>\n<p><span data-contrast=\"auto\">Ka\u017cdy przep\u0142yw posiada tak\u017ce znaczniki czasu rozpocz\u0119cia i zako\u0144czenia oraz liczniki pakiet\u00f3w i bajt\u00f3w. Z perspektywy urz\u0105dzenia sieciowego wszystkie pakiety, kt\u00f3re maj\u0105 ten sam zestaw 7 cech, nale\u017c\u0105 do jednego flow. Przyk\u0142adowo: gdy u\u017cytkownik \u0142\u0105czy si\u0119 z serwerem WWW, NetFlow nie analizuje tysi\u0119cy pakiet\u00f3w TCP \u2013 zlicza je jako jeden przep\u0142yw reprezentuj\u0105cy ca\u0142e po\u0142\u0105czenie.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Taki spos\u00f3b agregacji pozwala uzyska\u0107 pe\u0142ny obraz komunikacji w sieci, bez przeci\u0105\u017cania urz\u0105dze\u0144 i system\u00f3w analitycznych nadmiarem danych.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Jak to dzia\u0142a krok po kroku<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p aria-level=\"4\"><b><i><span data-contrast=\"none\">Krok 1 \u2013 Eksporter (Exporter \/ Flow Agent)<\/span><\/i><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;201341983&quot;:0,&quot;335551550&quot;:1,&quot;335551620&quot;:1,&quot;335559685&quot;:0,&quot;335559737&quot;:0,&quot;335559738&quot;:319,&quot;335559739&quot;:319,&quot;335559740&quot;:279}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">W ka\u017cdej z lokalizacji (np. <\/span><b><span data-contrast=\"auto\">LOKACJA 1<\/span><\/b><span data-contrast=\"auto\"> i <\/span><b><span data-contrast=\"auto\">LOKACJA 2<\/span><\/b><span data-contrast=\"auto\">) znajduj\u0105 si\u0119 urz\u0105dzenia sieciowe \u2013 routery, firewalle lub prze\u0142\u0105czniki \u2013 kt\u00f3re pe\u0142ni\u0105 rol\u0119 <\/span><b><span data-contrast=\"auto\">Eksporter\u00f3w<\/span><\/b><span data-contrast=\"auto\">.<\/span><br \/>\n<span data-contrast=\"auto\"> Ich zadaniem jest:<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"8\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">identyfikacja nowych przep\u0142yw\u00f3w w czasie rzeczywistym,<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"8\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">utrzymywanie tabeli aktywnych flows w pami\u0119ci,<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"8\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">generowanie rekord\u00f3w NetFlow po zako\u0144czeniu przep\u0142ywu (lub po przekroczeniu limitu czasu),<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"8\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">wysy\u0142anie tych rekord\u00f3w do centralnego kolektora.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">Eksporter dzia\u0142a z minimalnym wp\u0142ywem na wydajno\u015b\u0107 urz\u0105dzenia, rejestruj\u0105c statystyki ruchu przechodz\u0105cego przez interfejsy. Ka\u017cdy rekord zawiera m.in. liczb\u0119 przes\u0142anych pakiet\u00f3w i bajt\u00f3w, czasy start\/stop oraz kluczowy zestaw 7-tuple.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p aria-level=\"4\"><b><i><span data-contrast=\"none\">Krok 2 \u2013 Kolektor (Collector)<\/span><\/i><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:319,&quot;335559739&quot;:319}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Wszystkie rekordy z eksporter\u00f3w trafiaj\u0105 do centralnego punktu zbierania \u2013 <\/span><b><span data-contrast=\"auto\">kolektora<\/span><\/b><span data-contrast=\"auto\">.<\/span><br \/>\n<span data-contrast=\"auto\"> W architekturze Sycope funkcj\u0119 t\u0119 pe\u0142ni komponent <\/span><b><span data-contrast=\"auto\">flowcontrol<\/span><\/b><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Kolektor odpowiada za:<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"9\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">odbieranie strumieni NetFlow\/IPFIX z wielu \u017ar\u00f3de\u0142,<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"9\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">interpretacj\u0119 szablon\u00f3w (template IDs) i normalizacj\u0119 danych,<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"9\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">scalanie rekord\u00f3w w sp\u00f3jny zbi\u00f3r danych o ca\u0142ym ruchu w organizacji,<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"9\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">archiwizacj\u0119 oraz przygotowanie danych dla analityki.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">W du\u017cych \u015brodowiskach kolektor musi obs\u0142ugiwa\u0107 setki tysi\u0119cy przep\u0142yw\u00f3w na sekund\u0119, zapewniaj\u0105c przy tym integralno\u015b\u0107 danych i mo\u017cliwo\u015b\u0107 korelacji mi\u0119dzy lokalizacjami.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p aria-level=\"4\"><b><i><span data-contrast=\"none\">Krok 3 \u2013 Analizator (Analyzer)<\/span><\/i><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:319,&quot;335559739&quot;:319}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">To ostatni i kluczowy element, cz\u0119sto pomijany w prostych opisach NetFlow.<\/span><br \/>\n<b><span data-contrast=\"auto\">Analizator<\/span><\/b><span data-contrast=\"auto\"> to warstwa, w kt\u00f3rej dane przep\u0142yw\u00f3w zamieniaj\u0105 si\u0119 w wiedz\u0119.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Po zebraniu i znormalizowaniu danych przez kolektor, operator loguje si\u0119 do platformy analitycznej, takiej jak <\/span><b><span data-contrast=\"auto\">Sycope<\/span><\/b><span data-contrast=\"auto\">, aby:<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"10\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">wizualizowa\u0107 ruch w postaci wykres\u00f3w, map i dashboard\u00f3w,<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"10\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">przegl\u0105da\u0107 szczeg\u00f3\u0142y komunikacji mi\u0119dzy hostami i aplikacjami,<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"10\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">generowa\u0107 raporty dotycz\u0105ce wydajno\u015bci, bezpiecze\u0144stwa i u\u017cycia pasma,<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"10\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">wykrywa\u0107 anomalie i nietypowe wzorce ruchu.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">Analizator stosuje mechanizmy korelacji, filtracji i detekcji behawioralnej.<\/span><br \/>\n<span data-contrast=\"auto\"> Dzi\u0119ki temu surowe dane NetFlow staj\u0105 si\u0119 zrozumia\u0142\u0105, kontekstow\u0105 informacj\u0105 \u2013 np. \u201e85% ruchu HTTP w oddziale B generuje aplikacja CRM\u201d, \u201epomi\u0119dzy serwerem bazy a stacj\u0105 u\u017cytkownika pojawi\u0142 si\u0119 nieautoryzowany ruch na porcie 3306\u201d.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Schemat przep\u0142ywu danych w \u015brodowisku NetFlow<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><b><span data-contrast=\"auto\">LOKACJA 1 \/ LOKACJA 2 \u2192 Eksporter \u2192 Kolektor (flowcontrol) \u2192 Analizator (Sycope)<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ol>\n<li><span data-contrast=\"auto\">Urz\u0105dzenia w lokalizacjach zbieraj\u0105 dane o przep\u0142ywach (Exportery).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Dane s\u0105 przesy\u0142ane do centralnego kolektora, kt\u00f3ry je agreguje i normalizuje.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Administrator loguje si\u0119 do Analizatora, aby przegl\u0105da\u0107 i analizowa\u0107 ruch w formie graficznej i analitycznej.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1170\" src=\"https:\/\/www.sycope.com\/wp-content\/uploads\/2025\/06\/62668b2fee1f847e03cacff5_What-is-NetFlow.jpg\" alt=\"\" width=\"757\" height=\"356\" srcset=\"https:\/\/www.sycope.com\/wp-content\/uploads\/2025\/06\/62668b2fee1f847e03cacff5_What-is-NetFlow.jpg 2471w, https:\/\/www.sycope.com\/wp-content\/uploads\/2025\/06\/62668b2fee1f847e03cacff5_What-is-NetFlow-300x141.jpg 300w, https:\/\/www.sycope.com\/wp-content\/uploads\/2025\/06\/62668b2fee1f847e03cacff5_What-is-NetFlow-1024x482.jpg 1024w, https:\/\/www.sycope.com\/wp-content\/uploads\/2025\/06\/62668b2fee1f847e03cacff5_What-is-NetFlow-768x361.jpg 768w, https:\/\/www.sycope.com\/wp-content\/uploads\/2025\/06\/62668b2fee1f847e03cacff5_What-is-NetFlow-1536x722.jpg 1536w, https:\/\/www.sycope.com\/wp-content\/uploads\/2025\/06\/62668b2fee1f847e03cacff5_What-is-NetFlow-2048x963.jpg 2048w\" sizes=\"auto, (max-width: 757px) 100vw, 757px\" \/><\/p>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Dlaczego to podej\u015bcie jest kluczowe<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">W przeciwie\u0144stwie do narz\u0119dzi opartych na pe\u0142nym przechwytywaniu pakiet\u00f3w, NetFlow oferuje:<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"12\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">efektywno\u015b\u0107<\/span><\/b><span data-contrast=\"auto\"> \u2013 minimalne obci\u0105\u017cenie urz\u0105dze\u0144 przy pe\u0142nej widoczno\u015bci ruchu,<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"12\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">skalowalno\u015b\u0107<\/span><\/b><span data-contrast=\"auto\"> \u2013 mo\u017cliwo\u015b\u0107 monitorowania setek lokalizacji z jednego punktu,<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"12\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">uniwersalno\u015b\u0107<\/span><\/b><span data-contrast=\"auto\"> \u2013 zgodno\u015b\u0107 z r\u00f3\u017cnymi producentami i standardami (IPFIX, sFlow),<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"12\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">kontekst<\/span><\/b><span data-contrast=\"auto\"> \u2013 informacje o kierunkach, aplikacjach, wolumenach i trendach,<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"12\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">bezpiecze\u0144stwo<\/span><\/b><span data-contrast=\"auto\"> \u2013 dane przydatne zar\u00f3wno w diagnostyce, jak i w analizie zagro\u017ce\u0144.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">W \u015brodowisku Sycope ta architektura jest rozszerzona o <\/span><b><span data-contrast=\"auto\">analityk\u0119 behawioraln\u0105<\/span><\/b><span data-contrast=\"auto\">, <\/span><b><span data-contrast=\"auto\">alerty predykcyjne<\/span><\/b><span data-contrast=\"auto\"> i <\/span><b><span data-contrast=\"auto\">modu\u0142y SecOps\/NetOps<\/span><\/b><span data-contrast=\"auto\">, kt\u00f3re automatycznie przetwarzaj\u0105 dane NetFlow na wiedz\u0119 operacyjn\u0105 i biznesow\u0105.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2 aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Ewolucja_i_standardy_rynkowe_%E2%80%94_NetFlow_vs_IPFIX_vs_sFlow\"><\/span><b><span data-contrast=\"none\">Ewolucja i standardy rynkowe \u2014 NetFlow vs. IPFIX vs. sFlow<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:299,&quot;335559739&quot;:299}\">\u00a0<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span data-contrast=\"auto\">NetFlow to dzi\u015b nie tylko nazwa protoko\u0142u opracowanego przez Cisco, ale synonim <\/span><b><span data-contrast=\"auto\">technologii eksportu danych o ruchu sieciowym<\/span><\/b><span data-contrast=\"auto\">.<\/span><br \/>\n<span data-contrast=\"auto\"> Od jego powstania min\u0119\u0142o ponad 25 lat, a sam mechanizm przeszed\u0142 ewolucj\u0119 \u2014 od w\u0142asno\u015bciowego rozwi\u0105zania jednego producenta do <\/span><b><span data-contrast=\"auto\">otwartego standardu bran\u017cowego<\/span><\/b><span data-contrast=\"auto\">, wdro\u017conego w urz\u0105dzeniach wielu dostawc\u00f3w.<\/span><br \/>\n<span data-contrast=\"auto\"> W tej sekcji przyjrzymy si\u0119 trzem kluczowym standardom: <\/span><b><span data-contrast=\"auto\">NetFlow (v9)<\/span><\/b><span data-contrast=\"auto\">, <\/span><b><span data-contrast=\"auto\">IPFIX<\/span><\/b><span data-contrast=\"auto\"> i <\/span><b><span data-contrast=\"auto\">sFlow<\/span><\/b><span data-contrast=\"auto\">, kt\u00f3re dzi\u015b definiuj\u0105, jak wygl\u0105da widoczno\u015b\u0107 ruchu w nowoczesnych sieciach.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">NetFlow \u2013 pocz\u0105tek wszystkiego<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">NetFlow zosta\u0142 opracowany przez firm\u0119 <\/span><b><span data-contrast=\"auto\">Cisco Systems<\/span><\/b><span data-contrast=\"auto\"> w latach 90. jako mechanizm s\u0142u\u017c\u0105cy do monitorowania ruchu przechodz\u0105cego przez routery i prze\u0142\u0105czniki.<\/span><br \/>\n<span data-contrast=\"auto\"> Pierwsze wersje (v1\u2013v5) mia\u0142y sztywn\u0105 struktur\u0119 rekord\u00f3w \u2013 ka\u017cde pole by\u0142o zdefiniowane na sta\u0142e. To wystarcza\u0142o do podstawowej analizy, ale ogranicza\u0142o mo\u017cliwo\u015b\u0107 rozszerzania funkcjonalno\u015bci.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Prze\u0142omem by\u0142 <\/span><b><span data-contrast=\"auto\">NetFlow v9<\/span><\/b><span data-contrast=\"auto\">, kt\u00f3ry wprowadzi\u0142 <\/span><b><span data-contrast=\"auto\">system szablon\u00f3w (template-based)<\/span><\/b><span data-contrast=\"auto\">.<\/span><br \/>\n<span data-contrast=\"auto\"> Dzi\u0119ki temu eksporter mo\u017ce dynamicznie definiowa\u0107, jakie pola przesy\u0142a w rekordzie, a kolektor interpretuje dane na podstawie otrzymanego szablonu.<\/span><br \/>\n<span data-contrast=\"auto\"> To rozwi\u0105zanie otworzy\u0142o drog\u0119 do wi\u0119kszej elastyczno\u015bci \u2013 umo\u017cliwi\u0142o producentom i integratorom dodawanie w\u0142asnych p\u00f3l, np. identyfikatora aplikacji, informacji o NAT, czy znacznik\u00f3w QoS.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Najwa\u017cniejsze cechy NetFlow v9:<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"13\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Dynamiczny system szablon\u00f3w (template-based format).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"13\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Obs\u0142uga wielu typ\u00f3w rekord\u00f3w (flow, options, statistics).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"13\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Mo\u017cliwo\u015b\u0107 przesy\u0142ania dodatkowych metadanych.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"13\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">Nadal jednak rozwi\u0105zanie w\u0142asno\u015bciowe, \u015bci\u015ble powi\u0105zane z ekosystemem Cisco.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">IPFIX \u2013 otwarty standard bran\u017cowy<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Wraz z popularyzacj\u0105 NetFlow, inne firmy zacz\u0119\u0142y tworzy\u0107 w\u0142asne, mniej lub bardziej kompatybilne implementacje.<\/span><br \/>\n<span data-contrast=\"auto\"> Aby ujednolici\u0107 spos\u00f3b eksportu informacji o przep\u0142ywach, organizacja <\/span><b><span data-contrast=\"auto\">IETF (Internet Engineering Task Force)<\/span><\/b><span data-contrast=\"auto\"> opracowa\u0142a standard <\/span><b><span data-contrast=\"auto\">IPFIX (Internet Protocol Flow Information Export)<\/span><\/b><span data-contrast=\"auto\">, opublikowany jako <\/span><b><span data-contrast=\"auto\">RFC 5101 i RFC 7011\u20137015<\/span><\/b><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">IPFIX mo\u017cna uzna\u0107 za <\/span><b><span data-contrast=\"auto\">\u201eNetFlow v10\u201d<\/span><\/b><span data-contrast=\"auto\"> \u2013 rozwini\u0119cie idei NetFlow v9, ale w formie w pe\u0142ni otwartego i ustandaryzowanego protoko\u0142u.<\/span><br \/>\n<span data-contrast=\"auto\"> Dzi\u0119ki temu r\u00f3\u017cni producenci (Cisco, Juniper, Huawei, Fortinet, Palo Alto Networks i inni) mog\u0105 eksportowa\u0107 dane w tym samym formacie, zapewniaj\u0105c <\/span><b><span data-contrast=\"auto\">interoperacyjno\u015b\u0107 mi\u0119dzy systemami<\/span><\/b><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Najwa\u017cniejsze cechy IPFIX:<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"14\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Standard IETF, niezale\u017cny od producenta.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"14\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Zachowuje koncepcj\u0119 szablon\u00f3w, ale z wi\u0119ksz\u0105 elastyczno\u015bci\u0105 w definiowaniu p\u00f3l.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"14\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Obs\u0142uguje <\/span><b><span data-contrast=\"auto\">niestandardowe pola (enterprise-specific fields)<\/span><\/b><span data-contrast=\"auto\"> \u2013 np. identyfikatory u\u017cytkownik\u00f3w, nazwy aplikacji, metadane z warstwy 7.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"14\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">Umo\u017cliwia eksport danych przez r\u00f3\u017cne protoko\u0142y transportowe (UDP, TCP, SCTP).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"14\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><span data-contrast=\"auto\">To obecnie <\/span><b><span data-contrast=\"auto\">de facto standard bran\u017cowy<\/span><\/b><span data-contrast=\"auto\"> w obszarze Network Visibility i NDR.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">Dla platform takich jak <\/span><b><span data-contrast=\"auto\">Sycope<\/span><\/b><span data-contrast=\"auto\">, kt\u00f3re analizuj\u0105 dane z urz\u0105dze\u0144 r\u00f3\u017cnych producent\u00f3w, IPFIX jest kluczowy \u2014 pozwala centralizowa\u0107 i normalizowa\u0107 dane o przep\u0142ywach w jednym formacie, niezale\u017cnie od \u017ar\u00f3d\u0142a.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">sFlow \u2013 inna filozofia monitorowania<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Podczas gdy NetFlow i IPFIX skupiaj\u0105 si\u0119 na analizie <\/span><b><span data-contrast=\"auto\">pe\u0142nych przep\u0142yw\u00f3w<\/span><\/b><span data-contrast=\"auto\">, standard <\/span><b><span data-contrast=\"auto\">sFlow (Sampled Flow)<\/span><\/b><span data-contrast=\"auto\">, opracowany przez firm\u0119 InMon, opiera si\u0119 na zupe\u0142nie innej zasadzie: <\/span><b><span data-contrast=\"auto\">pr\u00f3bkowaniu pakiet\u00f3w (packet sampling)<\/span><\/b><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Zamiast rejestrowa\u0107 wszystkie przep\u0142ywy, urz\u0105dzenie losowo wybiera co n-ty pakiet (np. 1 na 1000) i wysy\u0142a pr\u00f3bki do kolektora.<\/span><br \/>\n<span data-contrast=\"auto\"> Dzi\u0119ki temu obci\u0105\u017cenie procesora i pami\u0119ci na urz\u0105dzeniach sieciowych jest du\u017co mniejsze, co ma znaczenie w \u015brodowiskach o bardzo du\u017cym wolumenie ruchu \u2013 np. w sieciach operatorskich lub centrach danych hyperscaler\u00f3w.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Najwa\u017cniejsze cechy sFlow:<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"15\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Pr\u00f3bkowanie pakiet\u00f3w i interwa\u0142owe statystyki interfejs\u00f3w.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"15\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Bardzo ma\u0142e obci\u0105\u017cenie urz\u0105dze\u0144 sieciowych.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"15\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Brak pe\u0142nej informacji o ka\u017cdym przep\u0142ywie (ni\u017csza precyzja).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"15\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">Otwarty standard, wspierany przez wielu producent\u00f3w (m.in. HPE, Arista, Extreme Networks).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">Cho\u0107 sFlow doskonale sprawdza si\u0119 w <\/span><b><span data-contrast=\"auto\">monitorowaniu wydajno\u015bci<\/span><\/b><span data-contrast=\"auto\"> (NetOps), to jego ograniczona dok\u0142adno\u015b\u0107 sprawia, \u017ce <\/span><b><span data-contrast=\"auto\">nie nadaje si\u0119 do cel\u00f3w bezpiecze\u0144stwa (SecOps)<\/span><\/b><span data-contrast=\"auto\">, gdzie wymagane s\u0105 dane o ka\u017cdym przep\u0142ywie.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Por\u00f3wnanie standard\u00f3w: NetFlow vs. IPFIX vs. sFlow<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<div style=\"overflow-x: auto; margin: 20px 0; font-family: 'DM Sans', sans-serif;\">\n<table style=\"width: 100%; border-collapse: collapse; border: 1px solid #ddd; font-family: 'DM Sans', sans-serif; font-size: 15px;\">\n<thead>\n<tr style=\"background-color: #f4f6fb; color: #222; text-align: left;\">\n<th style=\"padding: 12px; border: 1px solid #ddd;\">Cecha<\/th>\n<th style=\"padding: 12px; border: 1px solid #ddd;\">NetFlow v9<\/th>\n<th style=\"padding: 12px; border: 1px solid #ddd;\">IPFIX<\/th>\n<th style=\"padding: 12px; border: 1px solid #ddd;\">sFlow<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"padding: 12px; border: 1px solid #ddd; font-weight: bold; color: #1769ff;\">Pochodzenie \/ standard<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Cisco<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">IETF (RFC 5101, RFC 7011\u20137015)<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">InMon \/ otwarty<\/td>\n<\/tr>\n<tr style=\"background-color: #fafbff;\">\n<td style=\"padding: 12px; border: 1px solid #ddd; font-weight: bold; color: #1769ff;\">Metoda zbierania danych<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Pe\u0142ne przep\u0142ywy<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Pe\u0142ne przep\u0142ywy<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Pr\u00f3bkowanie pakiet\u00f3w<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 12px; border: 1px solid #ddd; font-weight: bold; color: #1769ff;\">Struktura danych<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Szablony (template-based)<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Szablony (rozszerzalne)<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Statystyki + pr\u00f3bki<\/td>\n<\/tr>\n<tr style=\"background-color: #fafbff;\">\n<td style=\"padding: 12px; border: 1px solid #ddd; font-weight: bold; color: #1769ff;\">Zakres informacji<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">G\u0142\u00f3wnie warstwa 3\/4<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Warstwa 2\u20137, metadane aplikacyjne<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Pr\u00f3bkowane dane warstwy 2\u20134<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 12px; border: 1px solid #ddd; font-weight: bold; color: #1769ff;\">Precyzja<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Wysoka<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Wysoka<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">\u015arednia<\/td>\n<\/tr>\n<tr style=\"background-color: #fafbff;\">\n<td style=\"padding: 12px; border: 1px solid #ddd; font-weight: bold; color: #1769ff;\">Wydajno\u015b\u0107 urz\u0105dze\u0144<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">\u015arednie obci\u0105\u017cenie<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Zale\u017cne od konfiguracji<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Bardzo niskie obci\u0105\u017cenie<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 12px; border: 1px solid #ddd; font-weight: bold; color: #1769ff;\">Interoperacyjno\u015b\u0107<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Ograniczona (Cisco)<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Wysoka (multi-vendor)<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Wysoka<\/td>\n<\/tr>\n<tr style=\"background-color: #fafbff;\">\n<td style=\"padding: 12px; border: 1px solid #ddd; font-weight: bold; color: #1769ff;\">Zastosowanie<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Infrastruktura Cisco<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Sieci korporacyjne, systemy NDR<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Du\u017ce sieci operatorskie, NetOps<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 12px; border: 1px solid #ddd; font-weight: bold; color: #1769ff;\">Przydatno\u015b\u0107 w bezpiecze\u0144stwie (SecOps)<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">\u2705 Wysoka<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">\u2705 Wysoka<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">\u26a0\ufe0f Ograniczona<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<\/div>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Kt\u00f3ry standard wybra\u0107?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"16\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">NetFlow v9<\/span><\/b><span data-contrast=\"auto\"> \u2013 idealny, je\u015bli infrastruktura opiera si\u0119 g\u0142\u00f3wnie na urz\u0105dzeniach Cisco i nie wymaga integracji z innymi dostawcami.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"16\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">IPFIX<\/span><\/b><span data-contrast=\"auto\"> \u2013 najlepszy wyb\u00f3r dla \u015brodowisk heterogenicznych, gdzie liczy si\u0119 otwarto\u015b\u0107, rozszerzalno\u015b\u0107 i kompatybilno\u015b\u0107.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"16\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">sFlow<\/span><\/b><span data-contrast=\"auto\"> \u2013 sprawdzi si\u0119 tam, gdzie liczy si\u0119 minimalne obci\u0105\u017cenie i statystyczny wgl\u0105d w ruch, np. w du\u017cych farmach serwerowych.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">W praktyce rozwi\u0105zania takie jak <\/span><b><span data-contrast=\"auto\">Sycope<\/span><\/b><span data-contrast=\"auto\"> potrafi\u0105 r\u00f3wnocze\u015bnie obs\u0142ugiwa\u0107 dane z NetFlow, IPFIX i sFlow, normalizuj\u0105c je do wsp\u00f3lnego formatu.<\/span><br \/>\n<span data-contrast=\"auto\"> Dzi\u0119ki temu organizacja zyskuje <\/span><b><span data-contrast=\"auto\">pe\u0142ny, sp\u00f3jny obraz ruchu w ca\u0142ej infrastrukturze<\/span><\/b><span data-contrast=\"auto\">, niezale\u017cnie od producent\u00f3w i typ\u00f3w urz\u0105dze\u0144.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2 aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Praktyczne_zastosowania_%E2%80%94_na_jakie_pytania_odpowie_Ci_NetFlow\"><\/span><b><span data-contrast=\"none\">Praktyczne zastosowania \u2014 na jakie pytania odpowie Ci NetFlow?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:299,&quot;335559739&quot;:299}\">\u00a0<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span data-contrast=\"auto\">Ka\u017cda infrastruktura sieciowa \u017cyje w\u0142asnym \u017cyciem. U\u017cytkownicy, aplikacje, systemy biznesowe i procesy automatyzacji tworz\u0105 miliony po\u0142\u0105cze\u0144 dziennie.<\/span><br \/>\n<span data-contrast=\"auto\"> Bez odpowiednich narz\u0119dzi trudno zrozumie\u0107, co naprawd\u0119 dzieje si\u0119 w sieci, kt\u00f3re aplikacje s\u0105 krytyczne, a kt\u00f3re niepotrzebnie zajmuj\u0105 pasmo.<\/span><br \/>\n<span data-contrast=\"auto\"> Tu w\u0142a\u015bnie swoj\u0105 rol\u0119 odgrywa <\/span><b><span data-contrast=\"auto\">NetFlow<\/span><\/b><span data-contrast=\"auto\"> \u2014 dostarczaj\u0105c precyzyjnych odpowiedzi na pytania, kt\u00f3re wcze\u015bniej wymaga\u0142y godzin analizy log\u00f3w, PCAP\u00f3w i korelacji danych z r\u00f3\u017cnych system\u00f3w.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Jakie aplikacje s\u0105 u\u017cywane? Czy wszystkie s\u0105 legalne?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">NetFlow, w po\u0142\u0105czeniu z klasyfikacj\u0105 aplikacyjn\u0105 (NBAR, DPI, IPFIX enterprise fields), umo\u017cliwia dok\u0142adne rozpoznanie, kt\u00f3re aplikacje generuj\u0105 ruch w sieci.<\/span><br \/>\n<span data-contrast=\"auto\"> Dzi\u0119ki temu mo\u017cna zidentyfikowa\u0107 zar\u00f3wno us\u0142ugi krytyczne (ERP, CRM, VoIP), jak i aplikacje niepo\u017c\u0105dane (np. ruch P2P, streaming, prywatne VPN-y).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Scenariusz:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> W \u015brodowisku finansowym analiza NetFlow ujawni\u0142a, \u017ce w jednym z segment\u00f3w serwerowych pojawi\u0142 si\u0119 ruch do port\u00f3w u\u017cywanych przez narz\u0119dzie zdalnego pulpitu spoza listy dozwolonych aplikacji.<\/span><br \/>\n<span data-contrast=\"auto\"> Szybka reakcja zespo\u0142u bezpiecze\u0144stwa pozwoli\u0142a zablokowa\u0107 nieautoryzowany dost\u0119p.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Kto korzysta z tych aplikacji?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Ka\u017cdy rekord NetFlow zawiera adresy IP \u017ar\u00f3d\u0142owe, kt\u00f3re mo\u017cna odwzorowa\u0107 do u\u017cytkownik\u00f3w lub urz\u0105dze\u0144 dzi\u0119ki integracji z Active Directory, DHCP lub CMDB.<\/span><br \/>\n<span data-contrast=\"auto\"> Pozwala to powi\u0105za\u0107 konkretne aplikacje z realnymi u\u017cytkownikami, dzia\u0142ami lub lokalizacjami.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Scenariusz:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> Administrator zauwa\u017ca nadmierne wykorzystanie \u0142\u0105cza przez aplikacj\u0119 do transferu plik\u00f3w. Analiza NetFlow pokazuje, \u017ce ruch pochodzi g\u0142\u00f3wnie z kont u\u017cytkownik\u00f3w dzia\u0142u marketingu podczas kampanii reklamowej \u2014 decyzja: przydzielenie oddzielnej klasy QoS.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Jakie serwery generuj\u0105 ruch? Czy to rzeczywi\u015bcie serwery?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Dzi\u0119ki NetFlow mo\u017cna \u0142atwo odr\u00f3\u017cni\u0107 hosty generuj\u0105ce du\u017cy wolumen danych i sprawdzi\u0107, czy odpowiada to ich roli.<\/span><br \/>\n<span data-contrast=\"auto\"> Je\u015bli stacja robocza nagle zaczyna zachowywa\u0107 si\u0119 jak serwer (np. nas\u0142uchuje na portach 445, 80, 22), to potencjalny sygna\u0142 ataku.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Scenariusz:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> W jednym z oddzia\u0142\u00f3w stacja u\u017cytkownika zacz\u0119\u0142a generowa\u0107 intensywny ruch SMB do wielu host\u00f3w. NetFlow ujawni\u0142 nietypow\u0105 liczb\u0119 przep\u0142yw\u00f3w z portu 445 \u2014 okaza\u0142o si\u0119, \u017ce malware uruchomi\u0142 lokalny serwer SMB do rozprzestrzeniania si\u0119 w sieci.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Do jakich serwer\u00f3w kierowany jest ruch? Czy powinien?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Analiza kierunku przep\u0142yw\u00f3w (destination IP) pozwala wykry\u0107 po\u0142\u0105czenia do adres\u00f3w i lokalizacji, kt\u00f3re nie s\u0105 zgodne z politykami bezpiecze\u0144stwa.<\/span><br \/>\n<span data-contrast=\"auto\"> To szczeg\u00f3lnie wa\u017cne w kontrolowaniu ruchu wychodz\u0105cego (egress traffic) i po\u0142\u0105cze\u0144 z zewn\u0119trznymi chmurami.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Scenariusz:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> System Sycope wykrywa, \u017ce kilka host\u00f3w \u0142\u0105czy si\u0119 z adresami w podsieciach Azji Po\u0142udniowo-Wschodniej, kt\u00f3re nie znajduj\u0105 si\u0119 na li\u015bcie zatwierdzonych centr\u00f3w danych.<\/span><br \/>\n<span data-contrast=\"auto\"> Analiza NetFlow ujawnia pr\u00f3b\u0119 komunikacji z serwerem C&amp;C \u2014 incydent zostaje zablokowany zanim malware pobierze \u0142adunek.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Kt\u00f3re aplikacje generuj\u0105 najwi\u0119cej ruchu?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Raporty wolumenowe w NetFlow pozwalaj\u0105 tworzy\u0107 rankingi aplikacji pod k\u0105tem wykorzystania pasma, liczby przep\u0142yw\u00f3w czy czasu trwania sesji.<\/span><br \/>\n<span data-contrast=\"auto\"> Dzi\u0119ki temu mo\u017cna okre\u015bli\u0107, kt\u00f3re us\u0142ugi dominuj\u0105 w sieci i czy ich obecny priorytet jest uzasadniony.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Scenariusz:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> W Sycope administrator zauwa\u017ca, \u017ce najwi\u0119kszy udzia\u0142 w ruchu ma us\u0142uga Teams Video, kt\u00f3ra w godzinach 13:00\u201315:00 wykorzystuje 60% przepustowo\u015bci \u0142\u0105cza.<\/span><br \/>\n<span data-contrast=\"auto\"> Decyzja: korekta regu\u0142 QoS oraz wdro\u017cenie lokalnego breakout\u2019u dla aplikacji SaaS.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Kto zajmuje ca\u0142e dost\u0119pne pasmo?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">To jedno z najbardziej podstawowych pyta\u0144 operacyjnych.<\/span><br \/>\n<span data-contrast=\"auto\"> NetFlow umo\u017cliwia b\u0142yskawiczne wskazanie, kt\u00f3ry host, u\u017cytkownik lub aplikacja odpowiada za przeci\u0105\u017cenie \u0142\u0105cza.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Scenariusz:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> O 15:00 aplikacja ERP zwalnia. W ci\u0105gu trzech minut analiza NetFlow pokazuje, \u017ce serwer kopii zapasowych rozpocz\u0105\u0142 replikacj\u0119 danych do oddzia\u0142u, zajmuj\u0105c 90% pasmowej przepustowo\u015bci.<\/span><br \/>\n<span data-contrast=\"auto\"> Problem rozwi\u0105zany zanim u\u017cytkownicy zg\u0142osili usterk\u0119.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Czy przychodz\u0105cy ruch operatora jest odpowiednio tagowany?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">NetFlow\/IPFIX umo\u017cliwia analiz\u0119 znacznik\u00f3w QoS (DSCP\/ToS) w ruchu przychodz\u0105cym i wychodz\u0105cym.<\/span><br \/>\n<span data-contrast=\"auto\"> Pozwala to zweryfikowa\u0107, czy operator nie zmienia tag\u00f3w QoS na granicy sieci i czy pakiety zachowuj\u0105 w\u0142a\u015bciw\u0105 klas\u0119 obs\u0142ugi.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Scenariusz:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> Analiza danych NetFlow pokazuje, \u017ce ruch VoIP oznaczony w organizacji jako EF dociera z sieci operatora z DSCP = 0.<\/span><br \/>\n<span data-contrast=\"auto\"> Zg\u0142oszenie reklamacyjne i korekta po stronie ISP rozwi\u0105zuj\u0105 problem z jako\u015bci\u0105 rozm\u00f3w.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Kt\u00f3re interfejsy s\u0105 najbardziej obci\u0105\u017cone?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">NetFlow pozwala na analiz\u0119 przep\u0142yw\u00f3w per interfejs, dzi\u0119ki czemu mo\u017cna okre\u015bli\u0107, gdzie powstaj\u0105 w\u0105skie gard\u0142a i czy ruch rozk\u0142ada si\u0119 r\u00f3wnomiernie.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Scenariusz:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> Dane z flow\u00f3w pokazuj\u0105, \u017ce interfejs Gi0\/2 na routerze WAN obs\u0142uguje 75% ca\u0142ego ruchu oddzia\u0142u, podczas gdy Gi0\/3 pozostaje niemal nieu\u017cywany.<\/span><br \/>\n<span data-contrast=\"auto\"> Po modyfikacji routingu obci\u0105\u017cenie zostaje zbalansowane.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Kt\u00f3re routery s\u0105 najbardziej obci\u0105\u017cone?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Dzi\u0119ki sumaryzacji przep\u0142yw\u00f3w mo\u017cna zobaczy\u0107, kt\u00f3re urz\u0105dzenia sieciowe przetwarzaj\u0105 najwi\u0119cej sesji i bajt\u00f3w, co pomaga w planowaniu modernizacji lub skalowania.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Scenariusz:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> Kolektor Sycope pokazuje, \u017ce g\u0142\u00f3wny router brzegowy generuje ponad 1 mln flow\u00f3w na minut\u0119, podczas gdy router backupowy obs\u0142uguje jedynie 10%.<\/span><br \/>\n<span data-contrast=\"auto\"> Decyzja: wprowadzenie r\u00f3wnowa\u017cenia ruchu BGP i aktualizacja CPU w routerze g\u0142\u00f3wnym.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Czy ruch w\u0142asny i tranzytowy jest w\u0142a\u015bciwie routowany?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">NetFlow ujawnia, czy pakiety z wewn\u0119trznych podsieci przechodz\u0105 przez odpowiednie interfejsy i czy ruch tranzytowy nie obci\u0105\u017ca niepotrzebnie infrastruktury wewn\u0119trznej.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Scenariusz:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> W sieci operatora analiza przep\u0142yw\u00f3w pokazuje, \u017ce cz\u0119\u015b\u0107 ruchu B2B jest kierowana przez VRF dla u\u017cytkownik\u00f3w ko\u0144cowych.<\/span><br \/>\n<span data-contrast=\"auto\"> Szybka korekta tablic routingu przywraca w\u0142a\u015bciwy podzia\u0142 ruchu i redukuje op\u00f3\u017anienia.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Czy przepustowo\u015b\u0107 \u0142\u0105czy jest wystarczaj\u0105ca?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Dane historyczne NetFlow pozwalaj\u0105 obliczy\u0107 95th percentile, trendy ruchowe i prognozy wzrostu obci\u0105\u017cenia.<\/span><br \/>\n<span data-contrast=\"auto\"> To podstawa do \u015bwiadomego capacity planningu.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Scenariusz:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> Analiza 90-dniowa w Sycope pokazuje, \u017ce \u0142\u0105cze MPLS do oddzia\u0142u Krak\u00f3w osi\u0105ga 85% obci\u0105\u017cenia w godzinach szczytu.<\/span><br \/>\n<span data-contrast=\"auto\"> Prognoza wskazuje, \u017ce za trzy miesi\u0105ce warto\u015b\u0107 przekroczy 95% \u2014 decyzja: zam\u00f3wienie wy\u017cszego profilu SLA.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Czy ruch jest odpowiednio kierowany?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">NetFlow pomaga zweryfikowa\u0107 poprawno\u015b\u0107 polityk routingu dynamicznego (OSPF, BGP, EIGRP) i load-balancingu.<\/span><br \/>\n<span data-contrast=\"auto\"> Dzi\u0119ki danym o kierunkach przep\u0142yw\u00f3w mo\u017cna sprawdzi\u0107, czy \u015bcie\u017cki s\u0105 symetryczne i czy ruch nie przechodzi przez niepo\u017c\u0105dane punkty.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Scenariusz:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> Po migracji BGP do nowego ISP analiza flow\u00f3w pokazuje asymetri\u0119 \u015bcie\u017cek: ruch wychodz\u0105cy idzie przez nowego dostawc\u0119, ale odpowiedzi wracaj\u0105 starym kana\u0142em.<\/span><br \/>\n<span data-contrast=\"auto\"> Korekta prefiks\u00f3w i AS-path rozwi\u0105zuje problem.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Jakie aplikacje dzia\u0142aj\u0105 na serwerach?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Na podstawie port\u00f3w docelowych, protoko\u0142\u00f3w i metadanych NetFlow mo\u017cna okre\u015bli\u0107, jakie us\u0142ugi faktycznie s\u0105 uruchomione na serwerach.<\/span><br \/>\n<span data-contrast=\"auto\"> To przydatne zar\u00f3wno dla inwentaryzacji, jak i audyt\u00f3w bezpiecze\u0144stwa.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Scenariusz:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> Audyt przep\u0142yw\u00f3w wykaza\u0142, \u017ce serwer oznaczony jako \u201eDB-only\u201d obs\u0142uguje r\u00f3wnie\u017c po\u0142\u0105czenia HTTPS z zewn\u0119trznych adres\u00f3w.<\/span><br \/>\n<span data-contrast=\"auto\"> Okaza\u0142o si\u0119, \u017ce zesp\u00f3\u0142 testowy tymczasowo uruchomi\u0142 interfejs webowy \u2014 niezgodnie z polityk\u0105 bezpiecze\u0144stwa.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Jakie porty s\u0105 u\u017cywane przez serwery?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">NetFlow rejestruje porty \u017ar\u00f3d\u0142owe i docelowe, dzi\u0119ki czemu mo\u017cna analizowa\u0107, kt\u00f3re us\u0142ugi komunikuj\u0105 si\u0119 po niestandardowych portach.<\/span><br \/>\n<span data-contrast=\"auto\"> To pomaga w wykrywaniu b\u0142\u0119dnych konfiguracji lub potencjalnych wektor\u00f3w ataku.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Scenariusz:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> NetFlow pokazuje ruch SQL na porcie 1445 zamiast 1433.<\/span><br \/>\n<span data-contrast=\"auto\"> Po analizie okaza\u0142o si\u0119, \u017ce serwer zosta\u0142 b\u0142\u0119dnie skonfigurowany przez zewn\u0119trznego integratora \u2013 b\u0142\u0105d naprawiono zanim wp\u0142yn\u0105\u0142 na aplikacj\u0119 produkcyjn\u0105.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Sk\u0105d pochodzi ruch i dok\u0105d zmierza?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Ka\u017cdy przep\u0142yw opisuje kierunek ruchu: \u017ar\u00f3d\u0142o, cel i \u015bcie\u017ck\u0119.<\/span><br \/>\n<span data-contrast=\"auto\"> Analiza danych z wielu lokalizacji pozwala stworzy\u0107 map\u0119 komunikacji mi\u0119dzy oddzia\u0142ami, serwerami i chmur\u0105.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Scenariusz:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> Sycope wizualizuje przep\u0142ywy mi\u0119dzy central\u0105 w Warszawie a oddzia\u0142ami w Pradze i Wiedniu.<\/span><br \/>\n<span data-contrast=\"auto\"> Dzi\u0119ki korelacji z AS-path administrator widzi, \u017ce cz\u0119\u015b\u0107 ruchu do CDN idzie przez nieoptymaln\u0105 tras\u0119 w DE-CIX, co powoduje wzrost op\u00f3\u017anie\u0144.<\/span><br \/>\n<span data-contrast=\"auto\"> Decyzja: zmiana routingu BGP dla prefiks\u00f3w CDN.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Jakie serwery generuj\u0105 ruch? Czy to legalne?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">NetFlow pozwala zweryfikowa\u0107, czy generowany ruch odpowiada roli danego systemu.<\/span><br \/>\n<span data-contrast=\"auto\"> Nieautoryzowane lub nieoczekiwane przep\u0142ywy z serwer\u00f3w cz\u0119sto s\u0105 pierwszym sygna\u0142em infekcji lub b\u0142\u0119dnej konfiguracji.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Scenariusz:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> W nocy pojawia si\u0119 zwi\u0119kszony ruch SMTP z jednego z serwer\u00f3w aplikacyjnych.<\/span><br \/>\n<span data-contrast=\"auto\"> Analiza NetFlow pokazuje tysi\u0105ce po\u0142\u0105cze\u0144 wychodz\u0105cych na port 25 \u2014 serwer zosta\u0142 przej\u0119ty i u\u017cywany do wysy\u0142ki spamu.<\/span><br \/>\n<span data-contrast=\"auto\"> Izolacja hosta i aktualizacja zabezpiecze\u0144 przywracaj\u0105 bezpiecze\u0144stwo \u015brodowiska.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span data-contrast=\"auto\">NetFlow odpowiada na pytania, kt\u00f3re s\u0105 fundamentem operacyjnej widoczno\u015bci sieci.<\/span><br \/>\n<span data-contrast=\"auto\"> Od klasycznych kwestii wydajno\u015bci (\u201eczy przepustowo\u015b\u0107 jest wystarczaj\u0105ca?\u201d) po z\u0142o\u017cone scenariusze bezpiecze\u0144stwa (\u201eczy serwer generuje legalny ruch?\u201d) \u2014 dane przep\u0142yw\u00f3w pozwalaj\u0105 przej\u015b\u0107 od reaktywnego monitoringu do \u015bwiadomego zarz\u0105dzania sieci\u0105.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">W po\u0142\u0105czeniu z <\/span><b><span data-contrast=\"auto\">Sycope<\/span><\/b><span data-contrast=\"auto\">, NetFlow staje si\u0119 nie tylko \u017ar\u00f3d\u0142em danych, ale <\/span><b><span data-contrast=\"auto\">pe\u0142noprawnym narz\u0119dziem analitycznym<\/span><\/b><span data-contrast=\"auto\">, kt\u00f3re odpowiada na kluczowe pytanie ka\u017cdego administratora:<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<blockquote><p><em><b>\u201eCo naprawd\u0119 dzieje si\u0119 w mojej sieci \u2013 i dlaczego?\u201d<\/b><\/em><\/p><\/blockquote>\n<p>&nbsp;<\/p>\n<h2 aria-level=\"2\"><span class=\"ez-toc-section\" id=\"NetFlow_jako_fundament_cyberbezpieczenstwa_SecOps\"><\/span><b><span data-contrast=\"none\">NetFlow jako fundament cyberbezpiecze\u0144stwa (SecOps)<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:299,&quot;335559739&quot;:299}\">\u00a0<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span data-contrast=\"auto\">W \u015bwiecie cyberbezpiecze\u0144stwa widoczno\u015b\u0107 to wszystko.<\/span><br \/>\n<span data-contrast=\"auto\"> Nie mo\u017cna ochroni\u0107 czego\u015b, czego si\u0119 nie widzi \u2014 a NetFlow w\u0142a\u015bnie t\u0119 widoczno\u015b\u0107 zapewnia.<\/span><br \/>\n<span data-contrast=\"auto\"> Ka\u017cdy przep\u0142yw sieciowy to \u015blad po komunikacji mi\u0119dzy urz\u0105dzeniami, aplikacjami i u\u017cytkownikami. Analizuj\u0105c te \u015blady, mo\u017cna wykry\u0107 anomalie, nietypowe zachowania i ataki jeszcze zanim spowoduj\u0105 realne szkody.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Dla zespo\u0142\u00f3w <\/span><b><span data-contrast=\"auto\">Security Operations (SecOps)<\/span><\/b><span data-contrast=\"auto\"> dane NetFlow s\u0105 nieocenionym \u017ar\u00f3d\u0142em informacji o tym, <\/span><b><span data-contrast=\"auto\">co naprawd\u0119 dzieje si\u0119 w sieci<\/span><\/b><span data-contrast=\"auto\">, niezale\u017cnie od tego, czy ruch jest szyfrowany, czy nie.<\/span><br \/>\n<span data-contrast=\"auto\"> W po\u0142\u0105czeniu z odpowiednim systemem analitycznym, takim jak <\/span><b><span data-contrast=\"auto\">Sycope<\/span><\/b><span data-contrast=\"auto\">, staj\u0105 si\u0119 fundamentem nowoczesnego podej\u015bcia do bezpiecze\u0144stwa sieciowego.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Wykrywanie anomalii i atak\u00f3w DDoS<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Jednym z najcz\u0119stszych zastosowa\u0144 danych NetFlow w bezpiecze\u0144stwie jest analiza wolumetrycznych atak\u00f3w typu <\/span><b><span data-contrast=\"auto\">DDoS (Distributed Denial of Service)<\/span><\/b><span data-contrast=\"auto\">.<\/span><br \/>\n<span data-contrast=\"auto\"> NetFlow pozwala nie tylko wykry\u0107 gwa\u0142towny wzrost ruchu, ale te\u017c zidentyfikowa\u0107 jego \u017ar\u00f3d\u0142a, protoko\u0142y i kierunki przep\u0142ywu.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Przyk\u0142ad praktyczny:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> Platforma Sycope wykrywa w czasie rzeczywistym gwa\u0142towny wzrost liczby przep\u0142yw\u00f3w UDP kierowanych do jednego hosta w DMZ.<\/span><br \/>\n<span data-contrast=\"auto\"> Analiza danych NetFlow pokazuje, \u017ce ruch pochodzi z tysi\u0119cy unikalnych adres\u00f3w IP w kr\u00f3tkim czasie \u2013 klasyczny sygnatura ataku DDoS.<\/span><br \/>\n<span data-contrast=\"auto\"> Administrator mo\u017ce natychmiast zidentyfikowa\u0107 cel ataku i podj\u0105\u0107 dzia\u0142ania \u2013 np. przekierowa\u0107 ruch do centrum scrubbingu lub uruchomi\u0107 filtracj\u0119 upstream.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><strong>Chcesz wiedzie\u0107 wi\u0119cej? Przeczytaj tutaj\u27a1\ufe0f <a href=\"https:\/\/www.sycope.com\/pl\/post\/zaawansowane-metody-ochrony-przed-atakami-ddos-w-frimach\">https:\/\/www.sycope.com\/pl\/post\/zaawansowane-metody-ochrony-przed-atakami-ddos-w-frimach<\/a>\u00a0<\/strong><\/p>\n<p><b><span data-contrast=\"auto\">Wnioski:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> NetFlow zapewnia warstw\u0119 detekcji niezale\u017cn\u0105 od payloadu \u2013 pozwala rozpozna\u0107 atak na podstawie <\/span><b><span data-contrast=\"auto\">charakterystyki ruchu<\/span><\/b><span data-contrast=\"auto\">, a nie jego tre\u015bci.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Identyfikacja skanowania sieci<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Skanowanie port\u00f3w i adres\u00f3w to pierwszy etap niemal ka\u017cdego ataku.<\/span><br \/>\n<span data-contrast=\"auto\"> Zanim intruz przejdzie do eksploitacji, musi dowiedzie\u0107 si\u0119, kt\u00f3re us\u0142ugi s\u0105 dost\u0119pne.<\/span><br \/>\n<span data-contrast=\"auto\"> NetFlow umo\u017cliwia wykrycie takiej aktywno\u015bci z ogromn\u0105 skuteczno\u015bci\u0105, nawet je\u015bli skanowanie odbywa si\u0119 wolno i rozproszonymi metodami.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Przyk\u0142ad praktyczny:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> Analiza przep\u0142yw\u00f3w w Sycope ujawnia, \u017ce jeden z host\u00f3w u\u017cytkownik\u00f3w generuje po\u0142\u0105czenia TCP do dziesi\u0105tek r\u00f3\u017cnych adres\u00f3w IP w tym samym segmencie, z r\u00f3\u017cnymi portami docelowymi.<\/span><br \/>\n<span data-contrast=\"auto\"> IDS mo\u017ce tego nie zauwa\u017cy\u0107, bo ka\u017cde po\u0142\u0105czenie jest poprawne z punktu widzenia protoko\u0142u \u2014 ale NetFlow ujawnia <\/span><b><span data-contrast=\"auto\">nietypowy wzorzec komunikacji<\/span><\/b><span data-contrast=\"auto\">, kt\u00f3ry odbiega od normalnego profilu ruchu u\u017cytkownika.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\"><strong>Chcesz wiedzie\u0107 wi\u0119cej? Przeczytaj tutaj<\/strong>\u27a1\ufe0f <strong><a href=\"https:\/\/www.sycope.com\/pl\/post\/wykrywanie-skanowania-sieci-przy-uzyciu-netflow\">https:\/\/www.sycope.com\/pl\/post\/wykrywanie-skanowania-sieci-przy-uzyciu-netflow<\/a><\/strong><\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Wnioski:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> Dzi\u0119ki analizie NetFlow mo\u017cna wykrywa\u0107 <\/span><b><span data-contrast=\"auto\">ciche rekonesanse<\/span><\/b><span data-contrast=\"auto\"> i dzia\u0142ania przygotowawcze atakuj\u0105cych, zanim zostanie wykonane faktyczne w\u0142amanie.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Rola NetFlow w systemach NDR (Network Detection and Response)<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">W architekturze nowoczesnego SOC dane NetFlow stanowi\u0105 <\/span><b><span data-contrast=\"auto\">rdze\u0144 warstwy Network Detection and Response (NDR)<\/span><\/b><span data-contrast=\"auto\">.<\/span><br \/>\n<span data-contrast=\"auto\"> Systemy klasy NDR wykorzystuj\u0105 je do budowania profili normalnego ruchu i identyfikacji odchyle\u0144 \u2013 niezale\u017cnie od szyfrowania.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Przyk\u0142ad praktyczny:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> W sieci korporacyjnej 80% ruchu jest szyfrowane (HTTPS, TLS). Analiza pakiet\u00f3w nie przynosi efektu, ale dane NetFlow ujawniaj\u0105, \u017ce jeden z host\u00f3w zaczyna nawi\u0105zywa\u0107 <\/span><b><span data-contrast=\"auto\">du\u017c\u0105 liczb\u0119 kr\u00f3tkich po\u0142\u0105cze\u0144 HTTPS<\/span><\/b><span data-contrast=\"auto\"> do nietypowych domen.<\/span> \u00a0<span data-contrast=\"auto\">To wzorzec charakterystyczny dla komunikacji malware z serwerem C&amp;C.<\/span> \u00a0<span data-contrast=\"auto\">Dzi\u0119ki korelacji z innymi \u017ar\u00f3d\u0142ami (DNS, logi proxy, EDR) system NDR mo\u017ce natychmiast oznaczy\u0107 host jako podejrzany.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Wnioski:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> NetFlow stanowi <\/span><b><span data-contrast=\"auto\">niezale\u017cne, nienaruszalne \u017ar\u00f3d\u0142o danych<\/span><\/b><span data-contrast=\"auto\">, kt\u00f3re pozwala na skuteczn\u0105 analiz\u0119 nawet w \u015brodowiskach, gdzie 100% ruchu jest szyfrowane.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Jak dane NetFlow wspieraj\u0105 zespo\u0142y SecOps<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Z perspektywy operacyjnej NetFlow integruje si\u0119 z codziennymi procesami pracy zespo\u0142\u00f3w SOC i SecOps:<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"17\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Dostarcza <\/span><b><span data-contrast=\"auto\">kontekst<\/span><\/b><span data-contrast=\"auto\"> do alert\u00f3w z innych system\u00f3w (IDS\/IPS, EDR, SIEM).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"17\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Umo\u017cliwia <\/span><b><span data-contrast=\"auto\">korelacj\u0119 zdarze\u0144<\/span><\/b><span data-contrast=\"auto\"> na poziomie ca\u0142ej sieci \u2014 np. \u015bledzenie propagacji incydentu od pierwszego hosta.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"17\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Pozwala tworzy\u0107 <\/span><b><span data-contrast=\"auto\">profile behawioralne<\/span><\/b><span data-contrast=\"auto\"> ruchu i wykrywa\u0107 odchylenia w czasie rzeczywistym.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"17\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">Wspiera analiz\u0119 post factum (forensic) \u2014 bo dane przep\u0142yw\u00f3w mo\u017cna archiwizowa\u0107 przez miesi\u0105ce bez konieczno\u015bci przechowywania gigabajt\u00f3w pakiet\u00f3w.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><b><span data-contrast=\"auto\">Przyk\u0142ad:<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> Zesp\u00f3\u0142 SOC otrzymuje alert o nietypowym ruchu DNS.<\/span><br \/>\n<span data-contrast=\"auto\"> Dzi\u0119ki integracji Sycope z SIEM, analityk mo\u017ce jednym klikni\u0119ciem przej\u015b\u0107 do kontekstu NetFlow i zobaczy\u0107, \u017ce ruch ten pochodzi\u0142 z konkretnej podsieci, by\u0142 kierowany do podejrzanych domen i dotyczy\u0142 trzech host\u00f3w.<\/span> \u00a0<span data-contrast=\"auto\">To skraca czas reakcji z godzin do minut.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\"><strong>Chcesz wiedzie\u0107 wi\u0119cej? Przeczytaj tutaj <\/strong>\u27a1\ufe0f <strong><a href=\"https:\/\/www.sycope.com\/pl\/post\/netflow-jako-wartosciowe-zrodlo-danych-dla-zespolow-sec-ops\">https:\/\/www.sycope.com\/pl\/post\/netflow-jako-wartosciowe-zrodlo-danych-dla-zespolow-sec-ops<\/a><\/strong><\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Wsp\u00f3\u0142czesne zagro\u017cenia coraz cz\u0119\u015bciej ukrywaj\u0105 si\u0119 w szyfrowanym ruchu, komunikacji mi\u0119dzy systemami lub us\u0142ugach chmurowych.<\/span> <span data-contrast=\"auto\">Dlatego skuteczna obrona wymaga <\/span><b><span data-contrast=\"auto\">widoczno\u015bci na poziomie sieci<\/span><\/b><span data-contrast=\"auto\"> \u2014 a t\u0119 zapewnia w\u0142a\u015bnie NetFlow.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">W po\u0142\u0105czeniu z platform\u0105 analityczn\u0105 Sycope dane NetFlow staj\u0105 si\u0119 nie tylko zapisem historii ruchu, ale <\/span><b><span data-contrast=\"auto\">aktywnym \u017ar\u00f3d\u0142em wiedzy o bezpiecze\u0144stwie<\/span><\/b><span data-contrast=\"auto\">: od wczesnego wykrywania anomalii po analiz\u0119 incydent\u00f3w post factum.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2 aria-level=\"2\"><span class=\"ez-toc-section\" id=\"NetFlow_w_optymalizacji_i_planowaniu_sieci_NetOps\"><\/span><b><span data-contrast=\"none\">NetFlow w optymalizacji i planowaniu sieci (NetOps)<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:299,&quot;335559739&quot;:299}\">\u00a0<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span data-contrast=\"auto\">Nowoczesne zespo\u0142y NetOps dzia\u0142aj\u0105 w \u015bwiecie z\u0142o\u017conych, hybrydowych topologii: SD-WAN, chmura publiczna, \u0142\u0105cza DIA\/MPLS, segmentacja, mikroserwisy, SaaS. W takim \u015brodowisku <\/span><b><span data-contrast=\"auto\">jednolity, skalowalny i weryfikowalny obraz ruchu<\/span><\/b><span data-contrast=\"auto\"> jest warunkiem stabilno\u015bci. NetFlow\/IPFIX dostarcza ten obraz w spos\u00f3b lekki dla infrastruktury, a w po\u0142\u0105czeniu z analityk\u0105 Sycope przek\u0142ada si\u0119 na <\/span><b><span data-contrast=\"auto\">konkretne decyzje operacyjne<\/span><\/b><span data-contrast=\"auto\">: od capacity planning, przez weryfikacj\u0119 QoS, po automatyczn\u0105 inwentaryzacj\u0119 zasob\u00f3w i mapowanie zale\u017cno\u015bci aplikacyjnych.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Capacity Planning \u2013 od trend\u00f3w do prognoz i bud\u017cetu<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><b><span data-contrast=\"auto\">Cel:<\/span><\/b><span data-contrast=\"auto\"> przewidywa\u0107 potrzeby, zanim pojawi\u0105 si\u0119 w\u0105skie gard\u0142a.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Co mierzymy z NetFlow\/IPFIX:<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"18\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><i><span data-contrast=\"auto\">Wolumeny i profile dobowo-tygodniowe<\/span><\/i><span data-contrast=\"auto\"> per interfejs\/lokalizacja\/aplikacja.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"18\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><i><span data-contrast=\"auto\">95th percentile \/ busy hour<\/span><\/i><span data-contrast=\"auto\"> dla uplink\u00f3w i krytycznych klas ruchu.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"18\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><i><span data-contrast=\"auto\">flowDuration<\/span><\/i><span data-contrast=\"auto\"> \/ <\/span><i><span data-contrast=\"auto\">octetDeltaCount<\/span><\/i><span data-contrast=\"auto\"> \/ <\/span><i><span data-contrast=\"auto\">packetDeltaCount<\/span><\/i><span data-contrast=\"auto\"> \u2013 do identyfikacji \u201erozdmuchanych\u201d sesji.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"18\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><i><span data-contrast=\"auto\">DSCP\/ToS<\/span><\/i><span data-contrast=\"auto\"> \u2013 do analizy ruchu per klasa QoS.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"18\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><span data-contrast=\"auto\">(Je\u015bli eksporter udost\u0119pnia) <\/span><i><span data-contrast=\"auto\">enterprise fields<\/span><\/i><span data-contrast=\"auto\"> z identyfikacj\u0105 aplikacji\/NBAR lub L7.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><b><span data-contrast=\"auto\">Metodyka w Sycope:<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"19\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Baseline &amp; sezonowo\u015b\u0107:<\/span><\/b><span data-contrast=\"auto\"> budowa profili bazowych per \u0142\u0105cze i per aplikacja (dni tygodnia\/godziny szczytu).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"19\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Trend &amp; prognoza:<\/span><\/b><span data-contrast=\"auto\"> u\u015brednienia krocz\u0105ce + prognoza na 30\/60\/90 dni (np. wzrost % m\/m), z progami ostrzegawczymi.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"19\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Segmentacja obci\u0105\u017cenia:<\/span><\/b><span data-contrast=\"auto\"> rozk\u0142ad ruchu na kategorie (krytyczne biznesowo, operacyjne, best-effort, kopie\/backupy, SaaS).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"19\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Ekonomia \u0142\u0105czy:<\/span><\/b><span data-contrast=\"auto\"> korelacja 95th percentile z fakturami operatora i politykami burstingu.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><b><span data-contrast=\"auto\">Mini-case (SD-WAN + SaaS breakout):<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> Po wdro\u017ceniu lokalnego breakout\u2019u do Microsoft 365, profil ruchu w oddzia\u0142ach przesuwa si\u0119 z MPLS na DIA. Analiza NetFlow w Sycope pokazuje spadek obci\u0105\u017cenia klasy <\/span><i><span data-contrast=\"auto\">AF41<\/span><\/i><span data-contrast=\"auto\"> na \u0142\u0105czach MPLS o 27% i jednoczesny wzrost HTTPS do chmury. W oparciu o prognoz\u0119 90-dniow\u0105 mo\u017cna <\/span><b><span data-contrast=\"auto\">zredukowa\u0107 przepustowo\u015b\u0107 MPLS<\/span><\/b><span data-contrast=\"auto\"> o jeden profil taryfowy bez ryzyka utraty SLA.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Weryfikacja QoS \u2013 od teorii w konfiguracji do praktyki w ruchu<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><b><span data-contrast=\"auto\">Cel:<\/span><\/b><span data-contrast=\"auto\"> sprawdzi\u0107, czy priorytetyzacja dzia\u0142a tak, jak zak\u0142adali\u015bmy \u2013 na <\/span><i><span data-contrast=\"auto\">ka\u017cdym<\/span><\/i><span data-contrast=\"auto\"> odcinku \u015bcie\u017cki.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Co sprawdzamy na danych NetFlow\/IPFIX:<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"20\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Klasyfikacja i oznaczanie:<\/span><\/b><span data-contrast=\"auto\"> zgodno\u015b\u0107 DSCP\/CoS z politykami (np. EF dla VoIP, AFxy dla wideo\/aplikacji).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"20\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Symetria \u015bcie\u017cek:<\/span><\/b><span data-contrast=\"auto\"> czy powr\u00f3t ma t\u0119 sam\u0105 klas\u0119 i czy nie dochodzi do rekonfiguracji po drodze.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"20\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Crowding klas:<\/span><\/b><span data-contrast=\"auto\"> sumaryczne wolumeny per DSCP vs. przepustowo\u015b\u0107 kolejek (czy klasa nie jest przewymiarowana\/za ma\u0142a).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"20\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Wska\u017aniki po\u015brednie przeci\u0105\u017ce\u0144:<\/span><\/b><span data-contrast=\"auto\"> skoki liczby kr\u00f3tkich przep\u0142yw\u00f3w TCP, wzrost RST\/FIN (na poziomie agregat\u00f3w), wyd\u0142u\u017canie <\/span><i><span data-contrast=\"auto\">flowDuration<\/span><\/i><span data-contrast=\"auto\"> przy sta\u0142ej liczbie pakiet\u00f3w (sygna\u0142 kolejkowania).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">Uwaga: retransmisje\/RTT nie s\u0105 cz\u0119\u015bci\u0105 standardowych rekord\u00f3w NetFlow; niekt\u00f3rzy producenci eksportuj\u0105 pola rozszerzone \u2013 Sycope je wykorzysta, je\u015bli s\u0105 dost\u0119pne.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Mini-case (VoIP vs. backup):<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> Po wdro\u017ceniu nowej polityki QoS, VoIP nadal \u201eklatkuje\u201d w godzinach nocnych. NetFlow pokazuje, \u017ce ruch <\/span><i><span data-contrast=\"auto\">EF<\/span><\/i><span data-contrast=\"auto\"> jest poprawnie oznaczony, ale <\/span><b><span data-contrast=\"auto\">kopie przyrostowe<\/span><\/b><span data-contrast=\"auto\"> w klasie <\/span><i><span data-contrast=\"auto\">AF11<\/span><\/i><span data-contrast=\"auto\"> nachodz\u0105 na okno utrzymaniowe i okresowo wype\u0142niaj\u0105 \u0142\u0105cze. Zmiana harmonogramu backup\u00f3w + limit <\/span><i><span data-contrast=\"auto\">AF11<\/span><\/i><span data-contrast=\"auto\"> rozwi\u0105zuje problem bez zwi\u0119kszania przepustowo\u015bci.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Performance i \u201ebrownouty\u201d \u2013 wykrywanie subtelnych degradacji<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Nie ka\u017cda awaria to \u201eblackout\u201d. Cz\u0119stsze s\u0105 <\/span><b><span data-contrast=\"auto\">brownouty<\/span><\/b><span data-contrast=\"auto\"> \u2013 drobne, ale uci\u0105\u017cliwe degradacje.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Jak pomaga NetFlow\/IPFIX:<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"21\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Mikro-przeci\u0105\u017cenia:<\/span><\/b><span data-contrast=\"auto\"> kr\u00f3tkie piki flow\u2019\u00f3w HTTPS do pojedynczych domen (np. CDN) \u2013 cz\u0119sto niewidoczne w SNMP.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"21\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">\u201eChatty\u201d aplikacje:<\/span><\/b><span data-contrast=\"auto\"> du\u017ca liczba kr\u00f3tkich flows per transakcja = nadmierny <\/span><i><span data-contrast=\"auto\">chattiness<\/span><\/i><span data-contrast=\"auto\"> (NAT\/Firewall w\u0105skie gard\u0142a).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"21\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Asymetrie L3\/L4:<\/span><\/b><span data-contrast=\"auto\"> nietypowe pary port\u00f3w\/protoko\u0142\u00f3w dla \u201eznanych\u201d aplikacji ujawniaj\u0105 b\u0142\u0119dn\u0105 konfiguracj\u0119\/zmiany po stronie dostawcy SaaS.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><b><span data-contrast=\"auto\">Mini-case (SaaS ERP):<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> U\u017cytkownicy zg\u0142aszaj\u0105 sporadyczne zawieszki formularzy. Sycope wykrywa korelacj\u0119: kr\u00f3tkie piki liczby flows do domeny ERP w \u015bci\u015ble okre\u015blonych minutach po pe\u0142nej godzinie \u2013 winny jest <\/span><b><span data-contrast=\"auto\">skrypt integracyjny<\/span><\/b><span data-contrast=\"auto\"> w integratorze, kt\u00f3ry zaczyna r\u00f3wnoleg\u0142e zapytania. Ograniczenie r\u00f3wnoleg\u0142o\u015bci usuwa brownout bez ruszania \u0142\u0105czy.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Automatyczna inwentaryzacja zasob\u00f3w i mapowanie po\u0142\u0105cze\u0144<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><b><span data-contrast=\"auto\">Cel:<\/span><\/b><span data-contrast=\"auto\"> wiedzie\u0107, <\/span><i><span data-contrast=\"auto\">co<\/span><\/i><span data-contrast=\"auto\"> naprawd\u0119 mamy w sieci i <\/span><i><span data-contrast=\"auto\">jak<\/span><\/i><span data-contrast=\"auto\"> to ze sob\u0105 rozmawia.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Na bazie danych flow:<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"22\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Odkrywanie zasob\u00f3w (passive asset discovery):<\/span><\/b><span data-contrast=\"auto\"> hosty, serwery, urz\u0105dzenia sieciowe, adresacje, VLAN (je\u015bli eksporter eksportuje L2\/VRF).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"22\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Topologia komunikacji:<\/span><\/b><span data-contrast=\"auto\"> rzeczywiste zale\u017cno\u015bci aplikacyjne (kto \u2192 do kogo \u2192 po czym \u2192 jak cz\u0119sto).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"22\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Wykrywanie \u201eshadow IT\u201d:<\/span><\/b><span data-contrast=\"auto\"> nieautoryzowane us\u0142ugi (np. w\u0142asne serwery HTTP\/DB w segmentach u\u017cytkownik\u00f3w).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"22\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Weryfikacja segmentacji:<\/span><\/b><span data-contrast=\"auto\"> czy polityki mikrosegmentacji s\u0105 respektowane (brak flows mi\u0119dzy zakazanymi strefami).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><b><span data-contrast=\"auto\">Mini-case (migracja do chmury):<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> Przed przeniesieniem mikroserwisu do Azure, mapa przep\u0142yw\u00f3w z Sycope odkrywa ukryt\u0105 zale\u017cno\u015b\u0107 do wewn\u0119trznego brokera MQ w VLAN-ie admin. Dzi\u0119ki temu do zakresu projektu dodano <\/span><b><span data-contrast=\"auto\">NAT i regu\u0142y firewall<\/span><\/b><span data-contrast=\"auto\">, unikaj\u0105c przestoju po migracji.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\"><strong>Chcesz wiedzie\u0107 wi\u0119cej? Przeczytaj tutaj <\/strong>\u27a1\ufe0f <strong><a href=\"https:\/\/www.sycope.com\/pl\/post\/wykrywanie-zasobow-i-ich-polaczen-na-podstawie-netflow\">https:\/\/www.sycope.com\/pl\/post\/wykrywanie-zasobow-i-ich-polaczen-na-podstawie-netflow<\/a><\/strong><\/span><strong>\u00a0<\/strong><\/p>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Hybryda i chmura \u2013 VPC Flow Logs jako \u201eNetFlow w chmurze\u201d<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">W chmurach publicznych odpowiednikiem NetFlow s\u0105 <\/span><b><span data-contrast=\"auto\">VPC Flow Logs<\/span><\/b><span data-contrast=\"auto\"> (AWS), <\/span><b><span data-contrast=\"auto\">GCP VPC Flow Logs<\/span><\/b><span data-contrast=\"auto\"> oraz <\/span><b><span data-contrast=\"auto\">Azure NSG Flow Logs<\/span><\/b><span data-contrast=\"auto\">.<\/span><br \/>\n<span data-contrast=\"auto\"> Sycope potrafi je <\/span><b><span data-contrast=\"auto\">korelowa\u0107<\/span><\/b><span data-contrast=\"auto\"> z danymi NetFlow\/IPFIX z on-prem, tworz\u0105c jeden model ruchu:<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"23\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Pe\u0142ny \u0142a\u0144cuch komunikacji:<\/span><\/b><span data-contrast=\"auto\"> od stacji w oddziale, przez SD-WAN\/MPLS\/DIA, a\u017c po VPC\/VCN.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"23\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Polityki mi\u0119dzy-\u015brodowiskowe:<\/span><\/b><span data-contrast=\"auto\"> sp\u00f3jno\u015b\u0107 list dost\u0119pu mi\u0119dzy on-prem a chmur\u0105.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"23\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Ekonomia egress:<\/span><\/b><span data-contrast=\"auto\"> widoczno\u015b\u0107 do koszt\u00f3w ruchu wychodz\u0105cego (mapowanie do tag\u00f3w\/projekt\u00f3w).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">SD-WAN, wyb\u00f3r \u015bcie\u017cki i kontrola last mile<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><b><span data-contrast=\"auto\">Co wida\u0107 w NetFlow:<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"24\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Rozk\u0142ad ruchu <\/span><b><span data-contrast=\"auto\">per \u015bcie\u017cka<\/span><\/b><span data-contrast=\"auto\"> (MPLS vs. DIA vs. LTE) oraz <\/span><b><span data-contrast=\"auto\">per klasa DSCP<\/span><\/b><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"24\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Flapping \u015bcie\u017cek<\/span><\/b><span data-contrast=\"auto\"> (cz\u0119ste prze\u0142\u0105czenia) widoczne jako skoki liczby kr\u00f3tkich flows\/zmiany AS-path (je\u015bli eksportowane).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"24\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Degradacje \u201elast mile\u201d<\/span><\/b><span data-contrast=\"auto\"> \u2013 wzrost flows do retransmisji CDN\/OTT w godzinach szczytu u konkretnego ISP (sygna\u0142 przeci\u0105\u017cenia peeringu).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><b><span data-contrast=\"auto\">Mini-case (przeci\u0105\u017cony ISP w oddziale):<\/span><\/b><br \/>\n<span data-contrast=\"auto\"> U\u017cytkownicy Teams narzekaj\u0105 na jako\u015bc wideo. NetFlow pokazuje, \u017ce przy sta\u0142ym wolumenie ro\u015bnie liczba kr\u00f3tkich flows do jednej podsieci ISP mi\u0119dzy 10:00 a 11:00. Zmiana priorytetu \u015bcie\u017cki na MPLS w tej godzinie eliminuje problem do czasu renegocjacji umowy z ISP.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Playbook NetOps na danych NetFlow (praktyka w Sycope)<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<ol>\n<li><b><span data-contrast=\"auto\">Zbuduj baseline<\/span><\/b><span data-contrast=\"auto\"> per \u0142\u0105cze\/klasa\/aplikacja (30\u201360 dni).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">Ustal KPI\/SLO:<\/span><\/b><span data-contrast=\"auto\"> wykorzystanie 95th \u2264 X%, udzia\u0142 klasy EF \u2265 Y% w godzinach H, brak flows mi\u0119dzy strefami A\u2013B.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">Automatyzuj alerty behawioralne:<\/span><\/b><span data-contrast=\"auto\"> odchylenia od baseline, niespodziewane domeny\/ASN, nag\u0142e <\/span><i><span data-contrast=\"auto\">fan-out\/fan-in<\/span><\/i><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">Weryfikuj zmiany (pre\/post):<\/span><\/b><span data-contrast=\"auto\"> ka\u017cda zmiana w QoS\/routingu powinna mie\u0107 raport \u201eprzed\/po\u201d na danych flow.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">Planuj bud\u017cet \u0142\u0105czy z wyprzedzeniem:<\/span><\/b><span data-contrast=\"auto\"> prognoza 90 dni + scenariusze \u201eco-je\u015bli\u201d (np. rollout nowej aplikacji).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">Kataloguj zale\u017cno\u015bci aplikacyjne:<\/span><\/b><span data-contrast=\"auto\"> utrzymuj \u017cyw\u0105 map\u0119 komunikacji do cel\u00f3w audytu i DR.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ol>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Co zyskujesz w liczbach (przyk\u0142adowe KPI)<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">-30\u201340% czasu TTR<\/span><\/b><span data-contrast=\"auto\"> dla incydent\u00f3w wydajno\u015bciowych (szybsza diagnoza \u017ar\u00f3d\u0142a).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">-10\u201325% koszt\u00f3w \u0142\u0105czy<\/span><\/b><span data-contrast=\"auto\"> dzi\u0119ki \u015bwiadomemu capacity planning i optymalizacji \u015bcie\u017cek.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">+100% pokrycia zale\u017cno\u015bci<\/span><\/b><span data-contrast=\"auto\"> aplikacyjnych (z dokumentacji \u201epapierowej\u201d do rzeczywisto\u015bci).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">-50% brownout\u00f3w<\/span><\/b><span data-contrast=\"auto\"> przez proaktywne alerty odchyle\u0144 od baseline.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span data-contrast=\"auto\">NetFlow\/IPFIX to kr\u0119gos\u0142up obserwowalno\u015bci sieci. W po\u0142\u0105czeniu z analityk\u0105 Sycope zamienia surowe rekordy w <\/span><b><span data-contrast=\"auto\">operacyjne decyzje<\/span><\/b><span data-contrast=\"auto\">: kiedy zwi\u0119kszy\u0107 \u0142\u0105cze, gdzie skorygowa\u0107 QoS, kt\u00f3re zale\u017cno\u015bci s\u0105 krytyczne przed zmian\u0105, i jak projektowa\u0107 topologi\u0119 pod realny ruch \u2013 nie pod intuicj\u0119.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2 aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Od_danych_NetFlow_do_wiedzy_biznesowej_z_Sycope\"><\/span><b><span data-contrast=\"none\">Od danych NetFlow do wiedzy biznesowej z Sycope<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:299,&quot;335559739&quot;:299}\">\u00a0<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span data-contrast=\"auto\">Samo zbieranie danych NetFlow to dopiero pocz\u0105tek.<\/span><br \/>\n<span data-contrast=\"auto\">Rzeczywista warto\u015b\u0107 nie kryje si\u0119 w liczbach, ale w <\/span><b><span data-contrast=\"auto\">zrozumieniu kontekstu i powi\u0105za\u0144 mi\u0119dzy nimi<\/span><\/b><span data-contrast=\"auto\">. Bez odpowiedniego narz\u0119dzia dane o przep\u0142ywach pozostaj\u0105 jedynie surowymi rekordami.<\/span><br \/>\n<span data-contrast=\"auto\">Dopiero ich analiza, korelacja i wizualizacja w czasie rzeczywistym zamieniaj\u0105 je w <\/span><b><span data-contrast=\"auto\">wiedz\u0119 operacyjn\u0105 i strategiczn\u0105<\/span><\/b><span data-contrast=\"auto\"> \u2014 wiedz\u0119, kt\u00f3ra wspiera decyzje od poziomu in\u017cyniera po zarz\u0105d.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Od widoczno\u015bci technicznej do warto\u015bci biznesowej<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Dzi\u0119ki analizie przep\u0142yw\u00f3w zespo\u0142y IT i bezpiecze\u0144stwa mog\u0105 odpowiedzie\u0107 nie tylko na pytania techniczne (\u201ekto zajmuje pasmo?\u201d, \u201esk\u0105d atak?\u201d), ale te\u017c biznesowe:<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"27\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Czy nasze \u0142\u0105cza s\u0105 wykorzystywane optymalnie wzgl\u0119dem koszt\u00f3w?<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"27\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Czy polityki bezpiecze\u0144stwa realnie chroni\u0105 krytyczne dane?<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"27\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Czy infrastruktura jest przygotowana na planowan\u0105 transformacj\u0119 chmurow\u0105?<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">Ka\u017cdy z tych wniosk\u00f3w zaczyna si\u0119 od danych NetFlow \u2014 i ko\u0144czy si\u0119 na <\/span><b><span data-contrast=\"auto\">realnych decyzjach biznesowych<\/span><\/b><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Dlaczego Sycope?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><b><span data-contrast=\"auto\">Sycope<\/span><\/b><span data-contrast=\"auto\"> zosta\u0142 stworzony z my\u015bl\u0105 o tym, by wyj\u015b\u0107 poza klasyczny monitoring sieci.<\/span><br \/>\n<span data-contrast=\"auto\"> \u0141\u0105czy w sobie:<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"28\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">zaawansowan\u0105 analityk\u0119 danych NetFlow\/IPFIX\/sFlow\/VPC Flow Logs<\/span><\/b><span data-contrast=\"auto\">,<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"28\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">mechanizmy detekcji anomalii i zachowa\u0144 (behavioral analytics)<\/span><\/b><span data-contrast=\"auto\">,<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"28\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">modu\u0142y korelacji bezpiecze\u0144stwa (NDR\/SecOps)<\/span><\/b><span data-contrast=\"auto\">,<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"28\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">kompleksowe raportowanie wydajno\u015bci i capacity planning (NetOps)<\/span><\/b><span data-contrast=\"auto\">,<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"28\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">wizualizacj\u0119 relacji aplikacyjnych i zale\u017cno\u015bci systemowych<\/span><\/b><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">To jedno narz\u0119dzie, kt\u00f3re daje pe\u0142n\u0105 odpowied\u017a na pytanie:<\/span><br \/>\n<b><span data-contrast=\"auto\">\u201eCo dzieje si\u0119 w mojej sieci \u2013 i co z tego wynika?\u201d<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Przewaga Sycope nad klasycznymi systemami monitoringu<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<div style=\"overflow-x: auto; margin: 20px 0; font-family: 'DM Sans', sans-serif;\">\n<table style=\"width: 100%; border-collapse: collapse; border: 1px solid #ddd; font-family: 'DM Sans', sans-serif; font-size: 15px;\">\n<thead>\n<tr style=\"background-color: #f4f6fb; color: #222; text-align: left;\">\n<th style=\"padding: 12px; border: 1px solid #ddd;\">Obszar<\/th>\n<th style=\"padding: 12px; border: 1px solid #ddd;\">Klasyczny monitoring<\/th>\n<th style=\"padding: 12px; border: 1px solid #ddd;\">Sycope<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"padding: 12px; border: 1px solid #ddd; font-weight: bold; color: #1769ff;\">Zakres danych<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">SNMP, syslog, uptime<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Pe\u0142na analityka przep\u0142yw\u00f3w (NetFlow\/IPFIX\/sFlow)<\/td>\n<\/tr>\n<tr style=\"background-color: #fafbff;\">\n<td style=\"padding: 12px; border: 1px solid #ddd; font-weight: bold; color: #1769ff;\">Widoczno\u015b\u0107<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Metryki urz\u0105dze\u0144<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Rzeczywisty ruch mi\u0119dzy hostami i aplikacjami<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 12px; border: 1px solid #ddd; font-weight: bold; color: #1769ff;\">Kontekst bezpiecze\u0144stwa<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Brak lub ograniczony<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Detekcja anomalii, korelacja SecOps\/NDR<\/td>\n<\/tr>\n<tr style=\"background-color: #fafbff;\">\n<td style=\"padding: 12px; border: 1px solid #ddd; font-weight: bold; color: #1769ff;\">Skalowalno\u015b\u0107<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Lokalna<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Multi-site, multi-vendor, chmura + on-prem<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 12px; border: 1px solid #ddd; font-weight: bold; color: #1769ff;\">Raportowanie<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Statyczne<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Interaktywne dashboardy i alerty behawioralne<\/td>\n<\/tr>\n<tr style=\"background-color: #fafbff;\">\n<td style=\"padding: 12px; border: 1px solid #ddd; font-weight: bold; color: #1769ff;\">Czas reakcji<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Reaktywne<\/td>\n<td style=\"padding: 12px; border: 1px solid #ddd;\">Predykcyjne, oparte o baseline i trend<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<\/div>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Sycope jako platforma \u0142\u0105cz\u0105ca \u015bwiat NetOps i SecOps<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Dzisiejsze granice mi\u0119dzy wydajno\u015bci\u0105 a bezpiecze\u0144stwem zacieraj\u0105 si\u0119.<\/span><br \/>\n<span data-contrast=\"auto\"> Ten sam ruch, kt\u00f3ry powoduje spadek jako\u015bci aplikacji, mo\u017ce by\u0107 symptomem ataku.<\/span><br \/>\n<span data-contrast=\"auto\"> Sycope spina oba \u015bwiaty \u2014 <\/span><b><span data-contrast=\"auto\">NetOps<\/span><\/b><span data-contrast=\"auto\"> i <\/span><b><span data-contrast=\"auto\">SecOps<\/span><\/b><span data-contrast=\"auto\"> \u2014 w jednym, wsp\u00f3lnym modelu widoczno\u015bci.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Zespo\u0142y operacyjne widz\u0105 to samo, co zespo\u0142y bezpiecze\u0144stwa, analizuj\u0105c te same dane z r\u00f3\u017cnych perspektyw.<\/span><br \/>\n<span data-contrast=\"auto\"> To skraca czas reakcji, eliminuje silosy informacyjne i pozwala przej\u015b\u0107 z modelu \u201ereaguj\u201d do modelu \u201eprzewiduj\u201d.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">Od danych do decyzji \u2013 i do przewagi<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">W erze z\u0142o\u017conych \u015brodowisk IT, bezpiecze\u0144stwo i wydajno\u015b\u0107 staj\u0105 si\u0119 nierozerwalne.<\/span><br \/>\n<span data-contrast=\"auto\"> NetFlow jest punktem wyj\u015bcia, ale <\/span><b><span data-contrast=\"auto\">inteligentna analiza danych w Sycope<\/span><\/b><span data-contrast=\"auto\"> to przewaga, kt\u00f3r\u0105 trudno przeceni\u0107:<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"29\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">widzisz wcze\u015bniej,<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"29\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">reagujesz szybciej,<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"29\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">planujesz m\u0105drzej.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">Chcesz zobaczy\u0107, jak Sycope przekszta\u0142ca dane NetFlow w konkretne odpowiedzi? <\/span><span data-contrast=\"auto\">Jak w kilka minut mo\u017cesz zidentyfikowa\u0107 \u017ar\u00f3d\u0142o przeci\u0105\u017cenia, wykry\u0107 anomali\u0119 bezpiecze\u0144stwa lub zobaczy\u0107 rzeczywist\u0105 map\u0119 komunikacji w swojej sieci?<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">\ud83d\udc49 <\/span><a href=\"https:\/\/www.sycope.com\/pl\/demo\"><b><span data-contrast=\"auto\">Um\u00f3w si\u0119 na bezp\u0142atne demo Sycope<\/span><\/b><\/a> lub<a href=\"https:\/\/www.sycope.com\/pl\/darmowa-wersja\"><b><span data-contrast=\"auto\"> skorzystaj z darmowej wersji <\/span><\/b><\/a><span data-contrast=\"auto\">i przekonaj si\u0119, jak wygl\u0105da pe\u0142na widoczno\u015b\u0107 \u2013 od pakietu po biznes.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Technologia NetFlow umo\u017cliwia administratorom i zespo\u0142om bezpiecze\u0144stwa dok\u0142adne zrozumienie, kto, kiedy i w jaki spos\u00f3b korzysta z zasob\u00f3w sieciowych. To w\u0142a\u015bnie ona stanowi podstaw\u0119 dla analizy wydajno\u015bci, planowania pojemno\u015bci, a przede wszystkim \u2013 dla wykrywania zagro\u017ce\u0144 i anomalii w ruchu.\u00a0 W tym artykule znajdziesz kompletny przewodnik po NetFlow \u2013 od podstaw dzia\u0142ania, przez najwa\u017cniejsze standardy [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1396,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[99],"tags":[114,115],"product":[163,164,165,166],"topic":[168,169],"class_list":["post-1691","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-analizy-netflow","tag-skanowanie-sieci","product-asset-discovery-pl","product-performance-pl","product-security-pl","product-visibility-pl","topic-monitorowanie-i-analiza-sieci","topic-zarzadzanie-infrastruktura-it"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.sycope.com\/pl\/wp-json\/wp\/v2\/posts\/1691","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sycope.com\/pl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sycope.com\/pl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sycope.com\/pl\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sycope.com\/pl\/wp-json\/wp\/v2\/comments?post=1691"}],"version-history":[{"count":7,"href":"https:\/\/www.sycope.com\/pl\/wp-json\/wp\/v2\/posts\/1691\/revisions"}],"predecessor-version":[{"id":2890,"href":"https:\/\/www.sycope.com\/pl\/wp-json\/wp\/v2\/posts\/1691\/revisions\/2890"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sycope.com\/pl\/wp-json\/wp\/v2\/media\/1396"}],"wp:attachment":[{"href":"https:\/\/www.sycope.com\/pl\/wp-json\/wp\/v2\/media?parent=1691"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sycope.com\/pl\/wp-json\/wp\/v2\/categories?post=1691"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sycope.com\/pl\/wp-json\/wp\/v2\/tags?post=1691"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.sycope.com\/pl\/wp-json\/wp\/v2\/product?post=1691"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.sycope.com\/pl\/wp-json\/wp\/v2\/topic?post=1691"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}