About the Application Visibility Page
To access this page, click Monitor > Applications.
You can use the Application Visibility page to view information related to bandwidth consumption, session establishment, and the risks associated with your applications, users, and source IP addresses. Based on the details, you can block applications, users, and source IP addresses accordingly. You can accelerate business-critical applications, stagger non-critical applications, and block undesirable applications.
Tasks You Can Perform
You can perform the following tasks from this page:
View applications, users, and source IP addresses in Chart view and Grid view. The data is refreshed automatically based on the time range selection, device selection, and filter criteria. You can select Time > Custom to set a custom time range.
Use the query builder to create search criteria based on the following search options:
User—Users consuming the application in the network.
Application—Applications consumed in the network.
Source IP—Source IP address consuming the application in the network.
Destination IP—Destination IP address accessed in the network.
Note: The search options and the values are displayed based on the available system logs.
Enter the filter criteria in the chart view, and click Save to save the filter. Click the filter icon and select Show Saved Filters to view the filters that you created. You can reuse the saved filters, and the name of the filter in use is displayed in the UI.
View the aggregate count of applications, content, source IP addresses, and destination IP addresses in the insight bar. The aggregate count changes based on the applied filter values. When you click a count, the event viewer All Events page opens with valid filters applied.
Note: The count in the insight bar is updated based on the filter criteria in the search bar.
View details of an application.
Select an application and click the Detail View icon or click More and select Detail View to view details of the application.
Block applications. See Block Applications.
Block users. See Block Users.
Block source IP addresses. See Block Source IP Addresses.
Field Descriptions
Table 1 provides guidelines on using the fields of the APPLICATIONS tab in the chart view.
Field | Description |
---|---|
Devices | Shows data for all the devices managed by Security Director. Click the All link to select devices. You can select root devices, Logical Systems (LSYS) devices, or Tenant Systems (TSYS) devices to view the result. |
Show By | Select from the following options to view a user’s data: |
Time | Select the required time range to view a user’s data. Use the custom option to choose the time range if you want to view data for more than one day. The time range is from 00:00 hours to 23:59 hours. |
Number of Sessions | Shows the total number of application sessions. When you click the session count link, the All Events page appears. |
Number of Blocks | Shows the total number of times the application was blocked. |
Bandwidth | Shows the bandwidth usage of the application. |
Risk Level | Shows the risk associated with the application. For example, critical, high, unsafe, and so on. |
Category | Shows the category of the application. For example, web, infrastructure, and so on. |
Characteristics | Shows the characteristics of the application. For example, prone to misuse, bandwidth consumer, capable of tunneling, and so on. |
Block User(s) | Blocks the user from using the application. |
Block Application | Blocks the usage of the application. |
View All Users | Shows all the users accessing the application. Clicking the View All Users link takes you to the grid view in the USERS tab. |

Table 2 describes the widgets of the APPLICATIONS tab in the grid view.
Widget | Description |
---|---|
Top Users By Volume | Top users of the application; sorted by bandwidth consumption. |
Top Apps By Volume | Top applications in the network traffic, such as Amazon, Facebook, and so on; sorted by bandwidth consumption. |
Top Category By Volume | Top categories of the application, such as web, infrastructure, and so on; sorted by bandwidth consumption. |
Top Characteristics By Volume | Top behavioral characteristics of the application, such as prone to misuse, bandwidth consumer, and so on. |
Risk Level | Number of events/sessions received; grouped by risk. |

Table 3 provides the column details of the APPLICATIONS tab in the grid view.
Field | Description |
---|---|
Status | Indicates whether the application is blocked. A green status means the application is not blocked; a red status means the application is blocked. |
Application Name | Name of the application, such as Amazon, Facebook, and so on. |
Ports | Standard or non-standard port number of the application. |
Risk Level | Risk associated with the application: critical, high, unsafe, moderate, low, and unknown. |
Firewall Rule | The rule that allows the particular application. |
Users | Total number of users accessing the application. |
Volume | Bandwidth used by the application. |
Total Sessions | Total number of application sessions. |
Category | Category of the application, such as web, infrastructure, and so on. |
Sub Category | Subcategory of the application. For example, social networking, news, and advertisements. |
Characteristics | Characteristics of the application. For example, prone to misuse, bandwidth consumer, capable of tunneling. |
Source IP | The source IP address that the firewall rule has allowed. |

Table 4 provides the guidelines on using the fields of the USERS tab in the chart view.
Filter Name | Description |
---|---|
Devices | Shows data for all the devices managed by Security Director. Click All to select root devices, Logical Systems (LSYS) devices, or Tenant Systems (TSYS) devices to view the result. |
Show By | Select from the following options to view the user’s data: |
Time | Select the required time range to view the user’s data. Use the custom option to choose the time range if you want to view data for more than one day. The date range is from 00:00 hours to 23:59 hours. |
Number of Sessions | Shows total number of user sessions. The sessions are shown as links. When you click the link, the All Events page appears with all security events. |
Bandwidth | Shows bandwidth usage of the user. |
Block User | Blocks the user from using the application. |
Block Application(s) | Blocks the usage of the application. |
View All Applications | Shows all the applications accessed by the user. When you click the View All Applications link, the Applications tab in Grid view is displayed with the correct filter applied. |

Table 5 describes the widgets of the USERS tab in the Grid View.
Widget Name | Description |
---|---|
Top Users By Volume | Lists the top five users sorted by their bandwidth consumption. |
Top Apps By Volume | Lists the top five applications being accessed in your network for the specified time range. |

Table 6 provides the column details of the USERS tab in the grid view.
Field Name | Description |
---|---|
User Name | Shows the name of a user. |
Volume | Shows the bandwidth consumption of a user. |
Total Sessions | Shows the number of user sessions. Click the link to navigate to the All Events page. |
Applications | Shows all the applications used by a user for the time range. |

Table 7 provides the guidelines on using the fields of the SOURCE IP tab in the chart view.
Filter | Description |
---|---|
Devices | By default, data is shown for all the devices in the network. Click All to select root devices, Logical Systems (LSYS) devices, or Tenant Systems (TSYS) devices to view the result. |
Show By | Select the following options from the list to view the source IP address data: |
Time | Select the required time range from the list to view the source IP address data. Use the Custom option to choose the time range if you want to view data for more than one day. The date range is from 00:00 hours to 23:59 hours. |
Number of sessions | Shows total number of user sessions. The sessions are shown as links. When you click the link, the All Events page appears with all security events. |
Bandwidth | Shows the bandwidth usage. |
View All Applications | Shows all applications accessed by the source IP address. When you click the View All Applications link, the Applications tab in Grid view is displayed with the correct filter applied. |
Block IP | Blocks the source IP address from accessing all applications. |
Block Application(s) | Blocks the source IP address from accessing the selected application. |

Table 8 describes the widgets of the SOURCE IP tab in the grid view.
Widget | Description |
---|---|
Top IPs By Volume | Lists top five IP addresses sorted by their bandwidth consumption. |
Top Apps By Volume | Lists top five applications being accessed in your network for the specified time range. |

Table 9 describes the columns of the SOURCE IP tab in the Grid view.
Field | Description |
---|---|
Source IP | Shows the source IP addresses. |
Volume | Shows the bandwidth consumption of the source IP address. |
Total Sessions | Shows the number of sessions of the source IP address. |
Applications | Shows all the applications used by the source IP address. |

Starting in Junos Space Security Director Release 24.1R2, after you install or upgrade Security Director, the following cron job is added to the existing crontab on all JBOSS nodes:

```
10 1 * * * /var/www/cgi-bin/ApplicationVisibility_DataReduction.sh >/dev/null 2>&1
```

The cron job runs every day at 1:10 AM. The ApplicationVisibility_DataReduction.sh script is added in /var/www/cgi-bin.

If you want to purge the Application Visibility database, update APP_VISIBILITY=false to APP_VISIBILITY=true in the ApplicationVisibility_DataReduction.sh script on all JBOSS nodes. However, purging is triggered only on the VIP node.

By default, the data is retained for 7 days. You can modify the number of days for which you want to retain the data in the Application Visibility database using the following parameters in the ApplicationVisibility_DataReduction.sh script:

```
DAYS_IN_SECONDS_1=86400000
DAYS_IN_SECONDS_7=604800000
DAYS_IN_SECONDS_14=1209600000
DAYS_IN_SECONDS_21=1814400000
DAYS_IN_SECONDS_30=2592000000
# MODIFY HERE if needed: Replace Variable in next line for selected time
SELECTED_DAYS=$DAYS_IN_SECONDS_7
```
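
Because the purge flag and retention period are edited by hand on every JBOSS node, it is worth checking that the nodes agree. The following is an added example, not part of the Juniper script: the function names are hypothetical, and the sample file is constructed from only the lines quoted on this page.

```shell
#!/bin/sh
# Added example: audit the Application Visibility retention settings on a node.
# Function names are hypothetical; the path and variable names are from the page.
AV_SCRIPT=/var/www/cgi-bin/ApplicationVisibility_DataReduction.sh

# Print the value of the last APP_VISIBILITY= assignment (true = purge enabled).
av_purge_enabled() {
    sed -n 's/^[[:space:]]*APP_VISIBILITY=\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Resolve SELECTED_DAYS=$DAYS_IN_SECONDS_N and print the retention in days.
# The values on the page equal N * 86400000, the number of milliseconds in a
# day, despite the SECONDS in the variable names.
av_retention_days() {
    var=$(sed -n 's/^[[:space:]]*SELECTED_DAYS=\$\([A-Za-z0-9_]*\).*/\1/p' "$1" | tail -n 1)
    [ -n "$var" ] || return 1
    val=$(sed -n "s/^[[:space:]]*${var}=\([0-9][0-9]*\).*/\1/p" "$1" | tail -n 1)
    [ -n "$val" ] || return 1
    echo $((val / 86400000))
}

# Succeed if the crontab text on stdin holds an uncommented 01:10 daily entry.
av_cron_present() {
    s='[[:space:]]+'
    grep -Eq "^10${s}1${s}\*${s}\*${s}\*${s}${AV_SCRIPT}([[:space:]]|\$)"
}

# Constructed sample holding only the lines quoted on the page.
av_sample() {
    cat <<'EOF'
APP_VISIBILITY=false
DAYS_IN_SECONDS_1=86400000
DAYS_IN_SECONDS_7=604800000
DAYS_IN_SECONDS_14=1209600000
DAYS_IN_SECONDS_21=1814400000
DAYS_IN_SECONDS_30=2592000000
# MODIFY HERE if needed: Replace Variable in next line for selected time
SELECTED_DAYS=$DAYS_IN_SECONDS_7
EOF
}

# Demo on the sample; on a node, pass "$AV_SCRIPT" and pipe in the crontab listing.
tmp=$(mktemp)
av_sample > "$tmp"
echo "purge enabled: $(av_purge_enabled "$tmp")"
echo "retention: $(av_retention_days "$tmp") days"
echo "10 1 * * * $AV_SCRIPT >/dev/null 2>&1" | av_cron_present && echo "cron entry present"
rm -f "$tmp"
```

Run on each node and compare the output; a node that reports a different flag or retention period from the others has drifted from the intended configuration.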