In opFlow, navigate to menu -> Views -> TopN. The TopN feature can display the Top Applications, Top Application Sources, Top Application Conversations, Top Listeners, Top Protocols, Top Talkers, and Top TOS. Select Top Application Conversations to see which device or interface is sending and receiving the most packets. For example, in Figure 2 below, the flow data captured the Source, Destination, Application, and Port, as well as the number of Flows and Packets. With this information it is easy to identify a DoS attack on your network by spotting unusually high numbers of Flows/Packets being sent from an untrusted source. You can also use NetFlow/opFlow along with DNS records to help detect malicious traffic, such as suspicious VPN requests or requests to .gov and .edu sites when you should not have traffic from there. Noticing these types of activities early will decrease your incident response time or possibly prevent an incident entirely.

Figure 2 - Top Application Conversations
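
The same check can be scripted over flow records outside the GUI. The following is an added example, not opFlow code or an opFlow export format: the CSV column layout, the sample rows, the trusted range and the 10x-median threshold are all constructed assumptions. It ranks sources by packets and flags untrusted sources whose Flows or Packets totals are far above the median.

```python
import csv
import io
import ipaddress
import statistics
from collections import defaultdict

# Constructed sample rows; the column layout is an assumption, not an opFlow export.
SAMPLE_FLOWS = """source,destination,application,port,flows,packets
10.1.1.20,10.1.2.5,https,443,40,5200
10.1.1.21,10.1.2.5,https,443,35,4800
10.1.1.22,10.1.2.9,dns,53,60,900
192.0.2.14,10.1.2.5,https,443,30,4100
198.51.100.77,10.1.2.5,https,443,9500,1450000
203.0.113.8,10.1.2.9,dns,53,25,600
"""

TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed trusted ranges


def is_trusted(addr):
    """True when the address falls inside one of the assumed trusted networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_NETS)


def top_sources(csv_text):
    """Aggregate flows and packets per source, largest packet count first."""
    totals = defaultdict(lambda: {"flows": 0, "packets": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        totals[row["source"]]["flows"] += int(row["flows"])
        totals[row["source"]]["packets"] += int(row["packets"])
    return sorted(totals.items(), key=lambda kv: kv[1]["packets"], reverse=True)


def suspicious_sources(csv_text, factor=10):
    """Untrusted sources whose totals exceed factor x the median over all sources."""
    ranked = top_sources(csv_text)
    med_flows = statistics.median(t["flows"] for _, t in ranked)
    med_packets = statistics.median(t["packets"] for _, t in ranked)
    return [
        src for src, t in ranked
        if not is_trusted(src)
        and (t["flows"] > factor * med_flows or t["packets"] > factor * med_packets)
    ]


if __name__ == "__main__":
    print("Investigate:", suspicious_sources(SAMPLE_FLOWS))
```

The median is used as the baseline because a single flooding source barely moves it, whereas it would inflate a mean and hide itself.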