Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Types of Tagging

Paragon Insights supports static tagging and dynamic tagging.

Static Tagging

In static tagging, the tagging profile is applied to values stored in the time series data base (TSDB). These values do not vary a lot with time. In static tagging, you can avoid using When statements, and you can add Then statements to a tagging profile.

Sample Static Tagging Configuration

In this sample static tagging configuration, the lack of a when statement means that any device that this tagging profile is applied to will have the field tenant-id assigned with the value tenant1. The fields and values defined in this profile are assigned to all rules that are applied to a device or device-group because of the * in the rules parameter.

You can also create a static tagging profile from the Paragon Automation graphical user interface (GUI). Navigate to Configuration > Sensor > Settings > Tagging Profile page to create a tagging profile.

Application Identification

Table 1 shows an example application identification scenario based on source-port, destination-port, and protocol of traffic seen in a NetFlow stream.

Table 1: Fields in NetFlow Stream

source-port

destination-port

protocol

derived-application

2541

Any

6 (TCP)

NetChat

Any

2541

6 (TCP)

1755

Any

17 (UDP)

MS-streaming

Any

830

6 (TCP)

netconf-ssh

7802

Any

17 (UDP)

vns-tp

To create the derived-application field as given in Table 1 from the received data (data under source-port, destination port, and protocol), you must use a tagging profile definition that looks like this:

Dynamic Tagging

Paragon Insights supports dynamic tagging. In dynamic tagging, you can set conditions in a tagging profile, that in turn are checked against values that are stored in Redis database. When these conditions are met, they are applied to incoming data before Paragon Insights processes the data.

Benefits of Dynamic Tagging

  • Values stored in Redis database are current and dynamic.

  • Redis database can be used as a cache memory to store real-time data.

Understanding Redis Database and Dynamic Tagging Configurations

Understanding Redis Database and Dynamic Tagging Configurations

  • Key structure is <Device-group-name>::<device-id>::<key-name> __network::<network-group-name>::<key-name>, where :: is the key separator.

    Example key structures:

    • Device Group

      Core:r1::/components/

    • Network Group

      network::net_check::topic/rule

  • Values are stored in JSON string format <json dump as string> in Redis. However, values are provided in string, integer, and float formats.

    Example value formats:

    • Core:r1::/components/= value1

    • Core:r1::/components/='{“key1”: value1, “key2”: value2}’

    • Core:r1::/components/='{“key1”: {“key2”: value1, “key3”: value2}’

    • Core:r1::/components/='{“key1”: {“key2”: ‘[list of values]’, “key3”: value1}’

    • Sample tagging-profile configurations using when statement.

    • Use a . operator between interfaces.

      In the following example, key3 interface is nested within key2 interface in the right operand.

    • Sample tagging-profile configurations using then statement.

    • Use a . operator between interfaces.

      In the following example, key3 interface is nested within key2 interface in the right operand.

  • Using exist operator in configurations.

    • Using exist as key.

      Redis Data Structure

      tagging-profile Using when Statement

    • Using exist as value in list.

      Redis Data Structure

      tagging-profile Using when Statement

  • Using $ in then statements.

    When you use $<field-name> within a Redis key, $<field-name> is replaced with a value from the already processed database value.

    As an example, consider that ge-1/0/2 is present within Redis key.

    Redis Data Structure

    Example tagging -profile

    In this scenario, the tagging-profile checks if $interface-name is present in the Redis database, and if key1 value for the given interface name is greater than 30. If the statement is true, the tagging-profile fetches key2 value from name field. In this example tagging profile, the name value is interface-meta-data.

  • To enable dynamic tagging, set in-memory value to true.

    By default in-memory value is set to false.