About the Application Visibility Page
To access this page, click Monitor > Applications.
You can use the Application Visibility page to view information related to bandwidth consumption, session establishment, and the risks associated with your applications, users, and source IP addresses. Based on the details, you can block applications, users, and source IP addresses accordingly. You can accelerate business-critical applications, stagger non-critical applications, and block undesirable applications.
Tasks You Can Perform
You can perform the following tasks from this page:
View applications, users, and source IP addresses in Chart view and Grid view. The data is refreshed automatically based on the time range selection, device selection, and filter criteria. You can select Time > Custom to set a custom time range.
Use the query builder to create search criteria based on the following search options:
User—Users consuming the application in the network.
Application—Applications consumed in the network.
Source IP—Source IP address consuming the application in the network.
Destination IP—Destination IP address accessed in the network.
Note The search options and the values are displayed based on the available system logs.
Enter the filter criteria in the chart view, and click Save to save the filter. Click the filter icon and select Show Saved Filters to view the filters that you created. You can re-use the created filters and the used filter name is displayed in the UI.
View the aggregate count of applications, content, source IP addresses, and destination IP addresses in the insight bar. The aggregate count changes based on the applied filter values. On click of each count, you are navigated to the event viewer – All Events page with valid filters applied.
Note Based on the filter criteria in the search bar, the count in the insight bar is updated.
View details of an application.
Select an application and click the Detail View icon or click More and select Detail View to view details of the application.
Block applications, see Block Applications
Block users, see Block Users
Block source IP addresses, see Block Source IP Addresses
Field Descriptions
Table 1 provides guidelines on using the fields of the APPLICATIONS tab in the chart view.
Table 1: APPLICATIONS—Filters in Chart View
Field | Description |
|---|---|
Devices | Shows data for all the devices managed by Security Director. Click the All link to select devices. You can select root devices, Logical Systems (LSYS) devices, or Tenant Systems (TSYS) devices to view the result. |
Show By | Select from the following options to view a user’s data:
|
Time | Select the required time range to view a user’s data. Use the custom option to choose the time range if you want to view data for more than one day. The time range is from 00:00 hours to 23:59 hours. |
Number of Sessions | Shows total number of application sessions. When you click the session count link, the All Events page appears. |
Number of Blocks | Shows total number of times the application was blocked. |
Bandwidth | Shows bandwidth usage of the application. |
Risk Level | Shows risk associated with the application. For example, critical, high, unsafe, and so on. |
Category | Shows category of the application. For example, web, infrastructure, and so on. |
Characteristics | Shows characteristics of the application. For example, prone to misuse, bandwidth consumer, capable of tunneling, and so on. |
Block User(s) | Blocks the user from using the application. |
Block Application | Blocks the usage of the application. |
View All Users | Shows all the users accessing the application. Clicking View All Users link navigates you to the grid view in the USERS tab. |
Table 2 describes the widgets of the APPLICATIONS tab in the grid view.
Table 2: APPLICATIONS—Widgets in Grid View
Widget | Description |
|---|---|
Top Users By Volume | Top users of the application; sorted by bandwidth consumption. |
Top Apps By Volume | Top applications, such as Amazon, Facebook, and so on of the network traffic; sorted by bandwidth consumption. |
Top Category By Volume | Top category, such as web, infrastructure, and so on of the application; sorted by bandwidth consumption. |
Top Characteristics By Volume | Top behavioral characteristics, such as prone to misuse, bandwidth consumer, and so on of the application. |
Risk Level | Number of events/sessions received; grouped by risk. |
Table 3 provides the column details of the APPLICATIONS tab in the grid view.
Table 3: APPLICATIONS—Columns in Grid View
Field | Description |
|---|---|
Status | Indicates whether the application has been blocked or not. If the status is green, then the application is not blocked and if the status is red then the application is blocked. |
Application Name | Name of the application, such as Amazon, Facebook, and so on. |
Ports | Standard or the non-standard port number of the application. |
Risk Level | Risk associated with the application: critical, high, unsafe, moderate, low, and unknown. |
Firewall Rule | The rule that allows the particular application. |
Users | Total number of users accessing the application. |
Volume | Bandwidth used by the application. |
Total Sessions | Total number of application sessions. |
Category | Category of the application, such as web, infrastructure, and so on. |
Sub Category | Subcategory of the application. For example, social networking, news, and advertisements. |
Characteristics | Characteristics of the application. For example, prone to misuse, bandwidth consumer, capable of tunneling. |
Source IP | The source IP address that the firewall rule has allowed. |
Table 4 provides the guidelines on using the fields of the USERS tab in the chart view.
Table 4: USERS—Filters in the Chart View
Filter Name | Description |
|---|---|
Devices | Shows data for all the devices managed by Security Director. Click All to select root devices, Logical Systems (LSYS) devices, or Tenant Systems (TSYS) devices to view the result. |
Show By | Select from the following options to view the user’s data:
|
Time | Select the required time range to view the user’s data. Use the custom option to choose the time range if you want to view data for more than one day. The date range is from 00:00 hours to 23:59 hours. |
Number of Sessions | Shows total number of user sessions. The sessions are shown as links. When you click the link, the All Events page appears with all security events. |
Bandwidth | Shows bandwidth usage of the user. |
Block User | Blocks the user from using the application. |
Block Application(s) | Blocks the usage of the application. |
View All Applications | Shows all the applications accessed by the user. When you click the View All Applications link, the Applications tab in Grid view is displayed with the correct filter applied. |
Table 5 describes the widgets of the USERS tab in the Grid View.
Table 5: USERS—Widgets in the Grid View
Widget Name | Description |
|---|---|
Top Users By Volume | List the top five users sorted by their bandwidth consumption. |
Top Apps By Volume | List the top five applications being accessed in your network for the specified time range. |
Table 6 provides the column details of the USERS tab in the grid view.
Table 6: USERS—Columns in the Grid View
Field Name | Description |
|---|---|
User Name | Shows the name of a user. |
Volume | Shows the bandwidth consumption of a user. |
Total Sessions | Shows the number of user sessions. Click the link to navigate to the All Events page. |
Applications | Shows all the applications used by a user for the time range. |
Table 7 provides the guidelines on using the fields of the SOURCE IP tab in the chart view.
Table 7: SOURCE IP—Filters in the Chart View
Filter | Description |
|---|---|
Devices | By default, data is shown for all the devices in the network. Click All to select root devices, Logical Systems (LSYS) devices, or Tenant Systems (TSYS) devices to view the result. |
Show By | Select the following options from the list to view the source IP address data:
|
Time | Select the required time range from the list to view the source IP address data. Use the Custom option to choose the time range if you want to view data for more than one day. The date range is from 00:00 hours to 23:59 hours. |
Number of sessions | Shows total number of user sessions. The sessions are shown as links. When you click the link, the All Events page appears with all security events. |
Bandwidth | Shows the bandwidth usage. |
View All Applications | Shows all applications accessed by the source IP address. When you click the View All Applications link, the Applications tab in Grid view is displayed with the correct filter applied. |
Block IP | Blocks the source IP address from accessing all applications. |
Block Application(s) | Blocks the source IP address from accessing the selected application. |
Table 8 describes the widgets of the SOURCE IP tab in the grid view.
Table 8: SOURCE IP— Widgets in the Grid View
Widget | Description |
|---|---|
Top IPs By Volume | Lists top five IP addresses sorted by their bandwidth consumption. |
Top Apps By Volume | Lists top five applications being accessed in your network for the specified time range. |
Table 9 describes the columns of the SOURCE IP tab in the Grid view.
Table 9: SOURCE IP—Columns in the Grid View
Field | Description |
|---|---|
Source IP | Shows the source IP addresses. |
Volume | Shows the bandwidth consumption of the source IP address. |
Total Sessions | Shows the number of sessions of the source IP address. |
Applications | Shows all the applications used by the source IP address. |