Understanding filters and filtering
Filtering ensures that only specific traffic reaches your analysis tools. Filters can also extend the lifespan of analysis tools, isolate specific traffic, and preserve data security and privacy.
Use filters to ensure that only specific traffic reaches your analysis tools. Each analysis tool in the organization has a purpose, and each functions best when it receives data suited to that purpose. Conceptually, a tool configured to only measure VoIP quality should receive VoIP streams and nothing else. Because any other data is unnecessary, create a filter to ensure only VoIP streams reach the tool.
Filtering can extend the lifespan of tools. The network is expected to grow faster than your monitoring equipment is expected to be upgraded or replaced. Filters can help your organization keep pace with the network by isolating only what is needed, whether that is certain address ranges, protocols, or other criteria. Plus, filtering narrows the amount of data forwarded, so tools use fewer resources and generate less heat.
Filters work within rules. Alone, a filter is not functional. A filter performs its functions after the filter is bound to a rule and this rule is used in a layout. The filter itself can be complex and even reference other filters.
Filtering can help isolate virtual traffic. Virtual networks within the network can be difficult to monitor. For example, traffic from many virtual local area networks (VLANs) might flow through the same network switch. If a specific VLAN ID contains data your tools need, use a filter to isolate this virtual traffic and forward it to those tools.
Filtering can help prohibit sensitive data from being analyzed or leaked. If sensitive data is traversing the network, you may want to, for example, prohibit the data from traveling to tools at the network edge. Consider this scenario: Digital Imaging and Communications in Medicine (DICOM) is a set of network protocols used to store, retrieve, and query patient medical images and reports. Furthermore, the electronic security of patient health information is protected in the United States in part by the HIPAA Security Rule. In this scenario, aid HIPAA compliance by editing a filter to exclude DICOM traffic from flowing to certain tools.
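The following sketch is an added example, not the product's filter syntax or code. It models the VLAN isolation and DICOM exclusion described above as two filters bound to one rule. The rule name, VLAN ID 120, and the helper functions are hypothetical, the sample frames are constructed, and DICOM is assumed to be recognizable by its IANA-registered TCP ports (104, 2761, 2762, 11112).

```python
import struct

# Assumption: DICOM is recognised only by its IANA-registered TCP ports.
DICOM_PORTS = {104, 2761, 2762, 11112}

def parse_frame(frame):
    """Extract VLAN ID, IP protocol and L4 ports from an Ethernet/IPv4 frame."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vlan, off = None, 14
    if ethertype == 0x8100 and len(frame) >= 18:      # single 802.1Q tag
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan, off = tci & 0x0FFF, 18
    fields = {"vlan": vlan, "proto": None, "ports": None}
    if ethertype != 0x0800 or len(frame) < off + 20:  # not IPv4: unclassified
        return fields
    fields["proto"] = frame[off + 9]
    (frag,) = struct.unpack_from("!H", frame, off + 6)
    l4 = off + (frame[off] & 0x0F) * 4
    # Ports exist only in the first fragment of a TCP or UDP packet.
    if fields["proto"] in (6, 17) and not frag & 0x1FFF and len(frame) >= l4 + 4:
        fields["ports"] = struct.unpack_from("!HH", frame, l4)
    return fields

def vlan_is(vlan_id):
    """Filter: accept only frames tagged with vlan_id."""
    return lambda f: f["vlan"] == vlan_id

def not_dicom(f):
    """Filter: reject DICOM, and reject anything that cannot be classified."""
    if f["proto"] is None:
        return False
    if f["proto"] != 6:
        return True
    return f["ports"] is not None and not DICOM_PORTS & set(f["ports"])

def forward(frame, filters):
    """Rule: forward a frame only when every bound filter accepts it."""
    fields = parse_frame(frame)
    return fields is not None and all(flt(fields) for flt in filters)

def build_frame(vlan, proto, sport, dport):
    """Constructed sample: Ethernet (optional 802.1Q) / IPv4 / L4 port pair."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0, bytes(4), bytes(4))
    return bytes(12) + tag + struct.pack("!H", 0x0800) + ip + struct.pack("!HH", sport, dport)

EDGE_RULE = [vlan_is(120), not_dicom]   # hypothetical rule for an edge tool
```

The exclusion filter fails closed: non-IPv4 frames and later TCP fragments, whose ports cannot be read, are not forwarded. A port-based match does not catch DICOM running on a non-registered port.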