About the Application Visibility Page

To access this page, click Monitor > Applications.

You can use the Application Visibility page to view information related to bandwidth consumption, session establishment, and the risks associated with your applications, users, and source IP addresses. Based on the details, you can block applications, users, and source IP addresses accordingly. You can accelerate business-critical applications, stagger non-critical applications, and block undesirable applications.

Tasks You Can Perform

You can perform the following tasks from this page:

  • View applications, users, and source IP addresses in Chart view and Grid view. The data is refreshed automatically based on the time range selection, device selection, and filter criteria. You can select Time > Custom to set a custom time range.

  • Use the query builder to create search criteria based on the following search options:

    • User—Users consuming the application in the network.

    • Application—Applications consumed in the network.

    • Source IP—Source IP address consuming the application in the network.

    • Destination IP—Destination IP address accessed in the network.

    Note:

    The search options and the values are displayed based on the available system logs.

    Enter the filter criteria in the chart view, and click Save to save the filter. Click the filter icon and select Show Saved Filters to view the filters that you created. You can reuse saved filters; the name of the filter in use is displayed in the UI.

  • View the aggregate count of applications, content, source IP addresses, and destination IP addresses in the insight bar. The aggregate count changes based on the applied filter values. When you click a count, the All Events page of the event viewer opens with the valid filters applied.

    Note:

    Based on the filter criteria in the search bar, the count in the insight bar is updated.

  • View details of an application.

    Select an application and click the Detail View icon or click More and select Detail View to view details of the application.

  • Block applications. See Block Applications.

  • Block users. See Block Users.

  • Block source IP addresses. See Block Source IP Addresses.

Field Descriptions

Table 1 provides guidelines on using the fields of the APPLICATIONS tab in the chart view.

Table 1: APPLICATIONS—Filters in Chart View

Field

Description

Devices

Shows data for all the devices managed by Security Director. Click the All link to select devices. You can select root devices, Logical Systems (LSYS) devices, or Tenant Systems (TSYS) devices to view the result.

Show By

Select from the following options to view a user’s data:

  • Bandwidth - Shows data based on the amount of bandwidth the application has consumed for a particular time range.

  • Sessions - Shows data based on the number of sessions consumed by the application.

Time

Select the required time range to view a user’s data.

Use the custom option to choose the time range if you want to view data for more than one day. The time range is from 00:00 hours to 23:59 hours.

Number of Sessions

Shows the total number of application sessions.

When you click the session count link, the All Events page appears.

Number of Blocks

Shows the total number of times the application was blocked.

Bandwidth

Shows bandwidth usage of the application.

Risk Level

Shows risk associated with the application. For example, critical, high, unsafe, and so on.

Category

Shows category of the application. For example, web, infrastructure, and so on.

Characteristics

Shows characteristics of the application. For example, prone to misuse, bandwidth consumer, capable of tunneling, and so on.

Block User(s)

Blocks the user from using the application.

Block Application

Blocks the usage of the application.

View All Users

Shows all the users accessing the application.

Clicking the View All Users link takes you to the grid view in the USERS tab.

Table 2 describes the widgets of the APPLICATIONS tab in the grid view.

Table 2: APPLICATIONS—Widgets in Grid View

Widget

Description

Top Users By Volume

Top users of the application; sorted by bandwidth consumption.

Top Apps By Volume

Top applications in the network traffic, such as Amazon and Facebook, sorted by bandwidth consumption.

Top Category By Volume

Top categories of the application, such as web and infrastructure, sorted by bandwidth consumption.

Top Characteristics By Volume

Top behavioral characteristics of the application, such as prone to misuse and bandwidth consumer.

Risk Level

Number of events/sessions received; grouped by risk.

Table 3 provides the column details of the APPLICATIONS tab in the grid view.

Table 3: APPLICATIONS—Columns in Grid View

Field

Description

Status

Indicates whether the application is blocked. A green status means the application is not blocked; a red status means it is blocked.

Application Name

Name of the application, such as Amazon, Facebook, and so on.

Ports

Standard or non-standard port number of the application.

Risk Level

Risk associated with the application: critical, high, unsafe, moderate, low, and unknown.

Firewall Rule

The rule that allows the particular application.

Users

Total number of users accessing the application.

Volume

Bandwidth used by the application.

Total Sessions

Total number of application sessions.

Category

Category of the application, such as web, infrastructure, and so on.

Sub Category

Subcategory of the application. For example, social networking, news, and advertisements.

Characteristics

Characteristics of the application. For example, prone to misuse, bandwidth consumer, capable of tunneling.

Source IP

The source IP address that the firewall rule has allowed.

Table 4 provides the guidelines on using the fields of the USERS tab in the chart view.

Table 4: USERS—Filters in the Chart View

Filter Name

Description

Devices

Shows data for all the devices managed by Security Director. Click All to select root devices, Logical Systems (LSYS) devices, or Tenant Systems (TSYS) devices to view the result.

Show By

Select from the following options to view the user’s data:

  • Bandwidth - Shows data based on the amount of bandwidth the user has consumed for a particular time range.

  • Sessions - Shows data based on the number of sessions consumed by the user.

Time

Select the required time range to view the user’s data.

Use the custom option to choose the time range if you want to view data for more than one day. The date range is from 00:00 hours to 23:59 hours.

Number of Sessions

Shows the total number of user sessions.

The sessions are shown as links. When you click the link, the All Events page appears with all security events.

Bandwidth

Shows bandwidth usage of the user.

Block User

Blocks the user from using the application.

Block Application(s)

Blocks the usage of the application.

View All Applications

Shows all the applications accessed by the user.

When you click the View All Applications link, the Applications tab in Grid view is displayed with the correct filter applied.

Table 5 describes the widgets of the USERS tab in the Grid View.

Table 5: USERS—Widgets in the Grid View

Widget Name

Description

Top Users By Volume

Lists the top five users sorted by their bandwidth consumption.

Top Apps By Volume

Lists the top five applications being accessed in your network for the specified time range.

Table 6 provides the column details of the USERS tab in the grid view.

Table 6: USERS—Columns in the Grid View

Field Name

Description

User Name

Shows the name of a user.

Volume

Shows the bandwidth consumption of a user.

Total Sessions

Shows the number of user sessions.

Click the link to navigate to the All Events page.

Applications

Shows all the applications used by a user for the time range.

Table 7 provides the guidelines on using the fields of the SOURCE IP tab in the chart view.

Table 7: SOURCE IP—Filters in the Chart View

Filter

Description

Devices

By default, data is shown for all the devices in the network. Click All to select root devices, Logical Systems (LSYS) devices, or Tenant Systems (TSYS) devices to view the result.

Show By

Select one of the following options from the list to view the source IP address data:

  • Bandwidth—Shows data based on the amount of bandwidth the source IP address has consumed for a particular time range.

  • Sessions—Shows data based on the number of sessions consumed by the source IP addresses.

Time

Select the required time range from the list to view the source IP address data.

Use the Custom option to choose the time range if you want to view data for more than one day. The date range is from 00:00 hours to 23:59 hours.

Number of sessions

Shows the total number of user sessions.

The sessions are shown as links. When you click the link, the All Events page appears with all security events.

Bandwidth

Shows the bandwidth usage.

View All Applications

Shows all applications accessed by the source IP address.

When you click the View All Applications link, the Applications tab in Grid view is displayed with the correct filter applied.

Block IP

Blocks the source IP address from accessing all applications.

Block Application(s)

Blocks the source IP address from accessing the selected application.

Table 8 describes the widgets of the SOURCE IP tab in the grid view.

Table 8: SOURCE IP—Widgets in the Grid View

Widget

Description

Top IPs By Volume

Lists the top five IP addresses sorted by their bandwidth consumption.

Top Apps By Volume

Lists the top five applications being accessed in your network for the specified time range.

Table 9 describes the columns of the SOURCE IP tab in the Grid view.

Table 9: SOURCE IP—Columns in the Grid View

Field

Description

Source IP

Shows the source IP addresses.

Volume

Shows the bandwidth consumption of the source IP address.

Total Sessions

Shows the number of sessions of the source IP address.

Applications

Shows all the applications used by the source IP address.