Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

About the Application Visibility Page

To access this page, select Monitor > Maps & Charts > Applications.

Juniper Security Director Cloud supports application visibility, a feature that enables you to protect your network against application-level threats.

The feature provides security management information such as the type, bandwidth consumption, and behavior of applications running on your network. You can use this information to identify application-level threats to your network. For example, you can identify threats posed by applications that consume excess bandwidth and cause data loss due to network bandwidth congestion. You can also control the applications at a granular level by managing the type of traffic allowed to enter or exit the network.

There are two ways in which you can view your application visibility data-Card View or Grid View. By default, the data is displayed in Card View.

Prerequisites

You need to do the following to view application visibility data:

  • Ensure that an application signature package is installed on the SRX Series device. For example:

  • Ensure that a dynamic application is applied on the firewall rule. For example:

    You can also match the firewall rule to a specific dynamic application or group. For example:

  • Enable Session initiate logs and Session close logs on the firewall rule.

Tasks You Can Perform

You can perform the following tasks from this page:

  • View application visibility data in Card View. See Card View.

  • View application visibility data in Grid View. See Grid View.

Card View

Click the Card View link for a brief summary of the top 50 applications consuming the maximum bandwidth in your network. The data can be presented graphically as a bubble graph, heat map, or a zoomable bubble graph. The data is refreshed automatically based on the selected time range. You can also use the Custom option in the Time Span field to set a custom time range.

You can hover over your applications to view critical information such as total number of sessions, total number of blocks, category, bandwidth consumed, risk levels, and characteristics. You can also view the top five users accessing your application.

Table 1 provides guidelines on using the fields on the Card View of the Application Visibility page.

Table 1: Fields on the Card View

Field

Description

Time Span

Select the required time range to view a user's data.

Use the custom option to choose the time range if you want to view data for more than one day.

For

Displays the sites for which application visibility data is displayed. By default, All Sites is selected. To view application visibility data for a specific site group:

  1. Click Edit to open the Add Site Group page.
  2. Select the Selective option.
  3. Select the site(s) you want to the site group from the available sites and click > to add the site(s) to the site group.
  4. Click OK.

Show By

Select from the following options to view a user's data:

  • Bandwidth—Shows data based on the amount of bandwidth the application has consumed for a particular time range.

  • Number of Sessions—Shows data based on the number of sessions consumed by the application.

Select Graph

Select from the following graphical representations to view an application's data:

  • Bubble Graph

  • Heat Map

  • Zoomable Bubble Graph

By default, data is shown in the Bubble Graph format.

Group By

Select from the following options to view the application's data:

  • Risk-Grouped by critical, high, unsafe, and so on.

  • Category-Grouped by categories such as web, infrastructure, and so on.

Grid View

Click the Grid View link to obtain comprehensive details about applications. You can view top users by volume, top applications by volume, top category by volume, top characteristics by volume, and sessions by risk. You can also view the data in a tabular format that includes sortable columns. You can sort the applications in ascending or descending order based on application name, risk level, and so on. Table 2 describes the widgets in this view. Use these widgets to get an overall, high-level view of your applications, users, and the content traversing your network.

Table 2 provides guidelines on using the fields on the Grid View of the Application Visibility page.

Table 2: Widgets on the Grid View

Field

Description

Top Users By Volume

Top users of the application; sorted by bandwidth consumption.

Top Apps By Volume

Top applications using the network traffic, such as Amazon, Facebook, and so on, sorted by bandwidth consumption.

Top Category By Volume

The top category of the application, such as Web, infrastructure, and so on; sorted by bandwidth consumption.

Top Characteristics By Volume

Top behavioral characteristics of the application, such as whether it is highly prone to misuse, the top bandwidth consumer, and so on.

Sessions By Risk

Number of events or sessions received; grouped by risk.

Table 3 describes the fields in the table below the widgets. Users are displayed by usernames or IP addresses. When you click a link, the User Visibility page appears in a grid view, with the correct filter applied. Sessions are also displayed as links and when you click a link, the All Events page appears with all security events.

Table 3: Detailed View of Applications

Field

Description

Application Name

Name of the application, such as Amazon, Facebook, and so on.

Risk Level

Risk associated with the application: critical, high, unsafe, moderate, low, and unknown.

Users

Total number of users accessing the application.

Volume

Bandwidth used by the application.

Total Sessions

Total number of application sessions.

No of Rejects

Total number of sessions blocked.

Category

Category of the application, such as Web, infrastructure, and so on.

Sub Category

Subcategory of the application. For example, social networking, news, and advertisements.

Characteristics

Characteristics of the application. For example, prone to misuse, bandwidth consumer, capable of tunneling.