Roll Your Own: Custom Application Definition for FlowView
Knowing which websites and applications are in use on your network is hard. The number of Saas services, Cloud-based services and smart device apps that are in use is growing at an astronomical rate. But if these apps are impacting the performance of the applications which run your business, you need to get a handle on them and understand their impact. There are over 1,300 applications in the built-in application library with new apps being added all the time, but what about the internal or unique applications used by your organization?
Today we are proud to announce a powerful and intuitive new ability to add custom applications to FlowView so you can see the users and resources used by all of these custom applications. In this post we will walk you through creating custom applications within FlowView.
And if reading isn't your thing, you can watch this video:
Customizing Default Applications
Lets start with the simplest scenario: you want to adjust the one of the default application definitions. (Sorry about the boring applications in use here, this is from our Development office and they never do anything fun ; )
- From the Top Applications View within FlowView locate the application you want to alter, either from the top listings or from the Filter options.
- Mouse over the gear icon at the right of the application listing and choose “Redefine application”
- A pop-over window will list all of the current application settings, alter any values you want to customize.
The Category and Classification fields are used for aggregate reporting, alerting and filtering, and the Risk Level will be used in future reports highlighting the usage of Apps you should keep an eye on.
- Press the Save button and Congratulations, you have customized your first application!
Please Note that with all of these custom application settings you will need to restart the FlowView service, so we recommend you make any changes you are planning and then restart the service once.
Creating New Custom Applications
There are two ways to create custom applications within FlowView, right from an undefined or under-defined application:
- On the Fly - from the Conversation Table within the FlowView user interface using all of the settings from the observed traffic
- From Scratch - from the System/FlowView settings for apps you want to define manually
Undefined vs. Under-defined Applications
There are two ways we think about application definitions here at AppNeta, undefined and under-defined, both of which can be addressed with this new application classification capability.
Undefined applications are ones where there is no meaningful definition of the application, basically you are creating it from scratch. This will be common for custom developed internal applications using specific ports over TCP or UDP.
Under-defined applications are ones where they have been classified correctly by the ports and protocols in use, but there is no context to help you understand what that application is. Examples of this include your company Intranet, Sharepoint or other custom internal web application which are being classified properly as HTTP or TLS (the protocol used for HTTPS traffic), but what would be really useful is to call it “Intranet” or “Sharepoint”. Now you can!
Creating Custom Applications On The Fly
You want to be precise when creating a custom application, so we have made it easy to quickly isolate the traffic you want added to your app and create the app right from the analysis screen.
Here is a quick video of this in action:
In this example we have a lot of traffic going to our AppNeta.com website, which we host within AWS. We want to add a custom category for the “AppNeta Website”. In the screenshot below you can see our number one app is HTTP, and most of the traffic is from Deborah Morgan to AWS.
To add this custom app:
- Drill into the host serving the application.
- From the Host View, go to the Conversation Table, and expand any of the conversations to that host to see the port and protocols involved.
- From the Action Gear at the end of each conversation row, chose the only option there, “Define Custom Application”
- This will automatically pull in the details of that conversation into a new application definition. In this case we want all HTTP traffic to that AWS host, so we delete the local side of the conversation by clicking the “ - “ symbol on that rule.
When defining a Web application, we can get smarter than just TCP traffic over port 80 or 443, we can inspect the HTTP headers to specifically hone in on your custom applications.
Best Practices for adding Custom Web Sites / Applications
FlowView can inspect all HTTP headers when classifying a custom web application, but there are two main headers you will use for most applications. Host the Domain serving the web site, so in the case of this blog post its www.appneta.com. But what about images or other objects which come from 3rd party services like Content Distribution Networks? This is where the Referrer header comes in. To create your custom application for a web app or site, follow these simple steps:
Creating a Custom Application from Scratch
For Applications where you know the ports and protocols used, you can easily create a new application without having to find to corresponding traffic on your network. To create your app:
- From the System Settings gear next to your username in the header choose “FlowView Manage Applications”.
- Press the blue button from the top right corner of the screen.
- Give your application a name, description, category (for aggregate reporting on business and nonbusiness activity), classification (for filtering in or out types of activity like games and social networking) and risk level.
- Add rules defining the ports and protocols used by your custom application. A single application definition can can have up to 100 rules, but if your app needs 100 rules to encompass it all then you should have a serious talk with your architect.
Go try it out!
And the best news? We’ve just finished rolling this out to all active FlowView accounts. Check it out in your account, or sign up for a free trial and see it for yourself!