Encrypted Traffic Analytics (ETA) uses machine learning on an application to determine flow characteristics, for purposes such
as malware analysis and crypto audit.
Based on the flow record associated with the flow monitor, the switch creates an exporter template that shows NetFlow records
with derived collect fields. Along with the ETA data, Flexible NetFlow (FNF) data for the corresponding flow is also exported.
ETA supports multiple templates for the configuration export. There is one template per ETA attribute, and ETA sends the detail
for an individual attribute in each template during the export. Sequence of Packet Length and Times (SPLT) and Initial Data
Packet (IDP) are stored in separate templates, which are used to generate NetFlow records. Both of these NetFlow records are
sent for a given application flow.
These templates are sent whenever the data is ready. This helps the NetFlow collector interpret the data with the correct
attribute values. The exporter destination and port are common to all interfaces, and this value is provided in the global
et-analytics configuration command. The scale number for ETA is 2000 flows per second.
This template export supports only one exporter IP address for an ETA flow monitor. Multiple template export is supported
for NetFlow v9. from
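The collector side of the template export described above, as an added example (not code from the switch or its documentation): a minimal NetFlow v9 decoder that caches templates per exporter and source ID and reports data flowsets that arrive before their template. The field-type numbers 60001 and 60002, the template IDs 256 and 257, the source ID 7, the addresses and the payload bytes are constructed for illustration.

```python
import struct
# Constructed field-type numbers, for illustration only (not the IDs a switch exports).
NAMES = {8: "src_ip", 12: "dst_ip", 60001: "idp", 60002: "splt"}

def flowset(fs_id, body):                       # builders for the constructed samples
    body += b"\x00" * (-len(body) % 4)          # pad to a 32-bit boundary
    return struct.pack("!HH", fs_id, len(body) + 4) + body
def template(tid, fields):
    return struct.pack("!HH", tid, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
def packet(source_id, *flowsets):
    return struct.pack("!HHIIII", 9, len(flowsets), 0, 0, 0, source_id) + b"".join(flowsets)

FLOW = bytes([10, 0, 0, 5, 203, 0, 113, 9])     # constructed src/dst addresses of one flow
TEMPLATES = packet(7, flowset(0, template(256, [(8, 4), (12, 4), (60001, 8)])
                                + template(257, [(8, 4), (12, 4), (60002, 6)])))
DATA = packet(7, flowset(256, FLOW + b"\x16\x03\x01\x00\x2e\x01\x00\x00"), flowset(257, FLOW + bytes(6)))

def learn(cache, scope, body):
    pos = 0
    while pos + 4 <= len(body):
        tid, n = struct.unpack_from("!HH", body, pos)
        if tid < 256 or pos + 4 + 4 * n > len(body): break   # padding or truncated record
        cache[scope + (tid,)] = [struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(n)]
        pos += 4 + 4 * n

def decode(fields, tid, body):
    size, recs = sum(flen for _, flen in fields) or len(body) + 1, []   # zero-size template decodes nothing
    for start in range(0, len(body) - size + 1, size):
        rec, pos = {"template": tid}, start
        for ftype, flen in fields:
            rec[NAMES.get(ftype, ftype)], pos = body[pos:pos + flen], pos + flen
        recs.append(rec)
    return recs

def feed(cache, exporter, pkt):   # -> (records, template IDs with no cached template)
    version, _, _, _, _, source_id = struct.unpack_from("!HHIIII", pkt)
    if version != 9: raise ValueError("not NetFlow v9")
    scope, records, missing, off = (exporter, source_id), [], [], 20
    while off + 4 <= len(pkt):
        fs_id, fs_len = struct.unpack_from("!HH", pkt, off)
        if fs_len < 4 or off + fs_len > len(pkt): raise ValueError("bad flowset length")
        body = pkt[off + 4:off + fs_len]
        if fs_id == 0:
            learn(cache, scope, body)
        elif fs_id >= 256 and scope + (fs_id,) in cache:
            records += decode(cache[scope + (fs_id,)], fs_id, body)
        elif fs_id >= 256:
            missing.append(fs_id)                # data arrived before its template
        off += fs_len
    return records, missing
```

Feeding `DATA` before `TEMPLATES` returns no records and lists both template IDs as missing; after `TEMPLATES` is fed from the same exporter, the same packet yields one IDP record and one SPLT record for the flow.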