Flow Apps and Protocols

The Apps and Protocols page enables you to edit and define new protocols, apps, and categories from which SevOne NMS can collect flow data.

To access the Apps and Protocols page from the navigation bar, click the Administration menu, select Flow Configuration, and then select Apps and Protocols.

flowAppsandProtocols

The Protocol Mapping tab lists the protocols for which you can create a flow report, the App Mapping tab lists the apps for which you can create a flow report, and the Category Mapping tab lists the app categories which can be mapped to app profiles.

Protocol Mapping tab

The Protocol Mapping tab displays the flow protocols SevOne NMS discovers.

flowProtocolMapping

Add Protocol

  1. Click Add Protocol to add a protocol or click wrenchIcon to edit an existing protocol. Add Protocol / Edit Protocol pop-up will appear.
    addProtocol

  2. In the Number field enter the protocol number.
  3. In the Protocol Name field, enter the protocol name.
  4. In the Description field, enter the protocol description.
  5. Click Save.

Delete Selected

Select the check box for each protocol to be deleted. Click Delete Selected to delete.

Note: Delete Selected button is only available when at least one protocol is selected to be deleted.

App Mapping tab

Important: Modifications to flow apps can take up to 5 minutes for report time resolution to take effect.

The App Mapping tab displays the flow apps SevOne NMS discovers.

flowAppMapping

Note: Each app has a number of matching rules associated with it and these matching rules are used to match the flow as it arrives back to an app profile. In the screenshot above, you see that App Profile ID = 4 has three flow apps, as shown in the right pane.

The App Profile ID is stored in the flow itself. FlowFalcon View Editor manages the FlowFalcon views used to create reports, aggregated and raw, using the App Profile ID.

Filter

Filters enable you to limit the apps that appear in the list. Filters are optional.

Search

The Search section allows the search capability based on the following.

  • In the Search field, enter text you want to search on. Select App Profile Name and/or Description and/or App Category check boxes to perform the search in app profile name and/or description and/or app category column(s) for the text entered after the filter is applied.
  • Select the Display apps with aggregation port enabled check box to filter on apps that have Enable Aggregation Port set to Enable.
  • Click the Aggregation Port drop-down and choose from options Equal to, Less than, or Greater than. Enter the port number in the text field to perform the search in the aggregation port column based on the option chosen.

Buttons

  • Click Apply Filter button to apply the filter settings.
  • Click Clear Filter button to remove all filters and to display all flow app profiles in the list.
  • Click on collapse to collapse or uncollapse to uncollapse the Filter section.

App Profiles

Important: The list contains app profiles that can be modified or deleted. You will have a check box in the first column and under Actions, you will have the tools to edit or delete the app profile you are on.

Any new app profiles you add, will have a check box in the first column and under Actions, you will have the tools to edit or delete the app profile you are on.

It also contains an additional 4800+ SaaS OOTB app profiles (with assigned SaaS OOTB app category) that identify and categorize SaaS applications delivered from the internet i.e., Salesforce, Google Mail, Zoom, YouTube, etc. These SaaS OOTB app profiles cannot be modified or deleted. You will notice that for these app profiles, there is no check box in the first column, and under Actions, there are no tools available.

You will also notice that flow apps for SaaS OOTB app profiles are not visible as they are proprietary to IBM.

Note: The SaaS database matches the public IP addresses and an intermediate proxy/gateway that translates the IP addresses can make the traffic unidentifiable. It is recommended to collect flow from devices that are facing the Internet for proper identification of SaaS apps.

Add / Edit App Profile

  1. Click Add App Profile to add an app profile or click wrenchIcon to edit an existing app profile. Add App Profile / Edit App Profile pop-up will appear.
    addAppProfile

  2. In the App Profile Name field, enter the app profile name to appear in reports.
  3. In the Description field, enter the app profile description.
  4. Click the check box to enable Enable Aggregation Port and enter the port number in Aggregation Port field.
    Note: Enable Aggregation Port check box when enabled,
    • applies the Aggregation Port to aggregated and raw flow data.
    • the application port is rewritten for both aggregated and raw data.
    • aggregated and raw data retain the integrity of the original non-application ports; i.e., source, destination, and client ports.
  5. The App Category drop-down contains a list of SevOne OOTB app categories, SaaS OOTB app categories, and custom app categories, if any. You can choose an app category from the list and assign it to the app profile you are adding / modifying.
    Important: An App Profile can only be assigned to one App Category.
  6. Click Save.

Delete Selected

Select the check box for each app to be deleted. Click Delete Selected to delete.

Note: Delete Selected button is only available when at least one app profile is selected to be deleted.

Search

From Search drop-down, enable Select All Columns to allow you to search all columns such as, ID, App Profile Name, Description, App Category, and Aggregation Port for the text entered in the search box. You have an option to search for text in ID or App Profile Name or Description or App Category or Aggregation columns based on the option selected from the Search drop-down.

Note:
  • Search is case-insensitive.
  • Search cannot be performed on the Enable Aggregation Port column.
  • At least one character is required to do the search on.

Edit Flow Apps

From App Profiles, select an app profile name to view its available flow apps.

Add App

  1. Click Add App to add an app to the app profile selected or click wrenchIcon to edit an existing app available to the selected app profile. Add App / Edit App pop-up will appear.
    addApp

  2. In the Source IP field, enter the source IP address.
  3. In the Source Port field, enter the source port number.
  4. Select the Unidirectional App check box to allow app to be unidirectional only. For bidirectional app, disable the check box and configure the following fields.
    Note: A bidirectional app matches either both source and destination fields or both destination and source fields of the flow.  A unidirectional app matches either source or destination fields of the flow.
    1. In the Destination IP field, enter the destination IP address.
    2. In the Destination Port field, enter the destination port number.
  5. In the Protocol field, select a protocol from the drop-down list.
  6. In the ToS Value field, enter the value for the type of service.
  7. Click Save.

Delete Selected

Select the check box for each flow app to be deleted. Click Delete Selected to delete.

Note: Delete Selected button is only available when at least one flow app is selected to be deleted.

Search

From Search drop-down, enable Select All Columns to allow you to search all columns such as, Source IP, Source Port, Unidirectional, Destination IP, Destination Port, Protocol, and ToS Value for the text entered in the search box. You have an option to search for text in Source IP or Source Port or Unidirectional or Destination IP or Destination Port or Protocol or ToS Value columns based on the option selected from the Search drop-down.

Note:
  • Search is case-insensitive.
  • At least one character is required to do the search on.

Category Mapping tab

The Category Mapping tab displays various app categories and provides a list of app profiles linked to each category.

In the table below for example, you have 36 OOTB App Categories; 18 SevOne OOTB app categories and 18 SaaS OOTB app categories. The list is dynamic and may vary between SevOne NMS versions.

ID SevOne OOTB App Categories ID SaaS OOTB App Categories
1 Other 269581305 Healthcare Applications
2 Enterprise Application 270488151 CRM
3 Routing Protocol 289497933 Collaboration Tools
4 Database 290888740 CDN
5 Network Management 318610457 Finance, Accounting & Billing
6 Network Mail Services 329181988 ERP & Project Management
7 Directory 333840942 Infrastructure
8 Streaming Media 346772159 Generative AI
9 Internet Fileshare 351133446 Storage
10 Internet Browsing 375736016 Call Center & Help Desk
11 Internet Remote Access 380278797 Specific Business
12 Internet News 415874854 IT & Communication
13 Signalling 422226518 Human Resource
14 RPC 461930939 Streaming
15 Non-IP 474330672 Educational Services
16 Miscellaneous 479621881 Video Gaming
17 Voice 505864028 Marketing & Mailing
18 Peer-to-peer File Sharing 526877189 Social Networks

About OOTB App Categories,

  • SevOne OOTB app categories and SaaS OOTB app categories under App Categories list cannot be modified or deleted.
  • Each SevOne OOTB app categories and SaaS OOTB app categories may be already mapped to one or more App Profiles.
  • App Profile(s) pre-assigned to SevOne OOTB app categories can be deleted. And, additional app profiles can be assigned to them. For details on how to assign app profile(s) to the app category, please refer to the section About Custom App Categories below.
  • App Profile(s) pre-assigned to SaaS OOTB app categories cannot be deleted. However, additional app profiles can be assigned to them and these can be deleted as well.
  • Any App Profile that is not mapped to any App Category is automatically assigned to App Category, Other.

About Custom App Categories,

Custom app categories can be created by clicking Add App Category. Custom app categories can be modified and deleted. To assign App Profile(s) to it, you need to perform the steps below.

To assign an app category to an app profile,

  • Click App Mapping tab.
  • Select an app profile that is not a SaaS OOTB app profile and click wrenchIcon under column Actions.
  • You will get a Edit App Profile pop-up.
  • Click App Category drop-down and select the app category you want to assign to your selected app profile.
  • Click Save.

To assign an app category to a new app profile,

  • Click App Mapping tab.
  • Click Add App Profile.
  • You will get a Add App Profile pop-up and in the fields,
    • enter App Profile Name.
    • enter Description.
    • select check box if you want to enable field Enable Aggregation Port. If enabled, enter the port number in field Aggregation Port.
    • click App Category drop-down and select the app category you want to assign to it.
    • click Save.

flowCategoryMapping

Filter

Filters enable you to filter on category name or description. Filters are optional.

Search

The Search section allows the search capability based on the following.

  • In the Search field, enter text you want to search on. Select Category Name and/or Description check boxes to perform the search in app category name and/or description column(s) for the text entered after the filter is applied.

Buttons

  • Click Apply Filter button to apply the filter settings.
  • Click Clear Filter button to remove all filters and to display apps in the list.
  • Click on collapse to collapse or uncollapse to uncollapse the Filter section.

App Categories

Add / Edit App Category

  1. Click Add App Category to add an app category or click wrenchIcon to edit an existing app category. Add App Category / Edit App Category pop-up will appear.
    Important: Only custom App Categories can be added. And, existing custom app categories can be modified or deleted.

    SevOne OOTB app categories and SaaS OOTB app categories cannot be modified or deleted.

    App Profiles assigned to SevOne OOTB app categories can be modified or deleted.

    SaaS App Profiles assigned to SaaS OOTB app categories cannot be modified or deleted.

    addAppCategory

  2. In the App Category Name field, enter the app category name to appear in reports.
  3. In the Description field, enter the app category description.
  4. Click Save.

Deleted Selected

Select the check box for each App Category to be deleted. Click Delete Selected to delete.

Important: SevOne OOTB app categories and SaaS OOTB app categories cannot be deleted.

Only custom app categories can be deleted.

Search

From Search drop-down, enable Select All Columns to allow you to search all columns such as, ID, App Category Name, and Descriptionfor the text entered in the search box. You have an option to search for text in ID or App Category Name or Description columns based on the option selected from the Search drop-down.

Note:
  • Search is case-insensitive.
  • At least one character is required to do the search on.

Edit App Profile Mapping

From App Categories list in the left bottom pane, select a app category name to view its available app profiles.

Important: OOTB App Categories are by default mapped to App Profiles.

App Profiles mapped to SevOne OOTB app categories can be modified or deleted.

SaaS App Profiles mapped to SaaS OOTB app categories cannot be modified or deleted.

App profile(s) mapped to custom app categories can be modified or deleted.

Add App Profile Mapping

  1. Click Add App Profile Mapping to add an app profile to the selected app category. Add App Profiles pop-up will appear.
    Important: App Profile can be added to SevOne OOTB app categories or SaaS OOTB app categories or custom app categories.
    addAppProfileToAppCategory

  2. Click the App Profiles drop-down and select the app profile you want to map with the selected app category.
  3. Click Save.

Remove Selected

Important: App profiles mapped to SevOne OOTB app categories or SaaS OOTB app categories or custom app categories can be deleted.

Select the check box for each app profile to be deleted. Click Remove Selected to delete.

Note: Remove Selected button is only available when at least one selectable app profile is selected that you want deleted.

Search

From Search drop-down, enable Select All Columns to allow you to search all columns such as, App Profile Name and Description for the text entered in the search box. You have an option to search for text in App Profile Name or Description columns based on the option selected from the Search drop-down.

Note:
  • Search is case-insensitive.
  • At least one character is required to do the search on.

Use-Cases

How do App Mapping & Category Mapping features interact?
  1. From App Mapping tab, add 2 custom app profiles.

    Example# 1

    myTimeAppProfile

    Example# 2

    yourTimeAppProfile

  2. Since Example# 1 and Example# 2 are both assigned to App Category = Miscellaneous, under App Categories, select Miscellaneous item.
    miscServiceCategory

    You will see app profiles myTime and yourTime are mapped to app category Miscellaneous.

  3. In the right panel, select app profile, myTime and click trashCanIcon under column Actions.
  4. Since myTime is no longer mapped to app category Miscellaneous, it will automatically be mapped to app category, Other. App Category Other contains all app profiles that are not mapped to any app category.
  5. To confirm, click App Mapping tab and search for app profile myTime.
  6. You will need to click refreshCM.
  7. Select wrench under Actions column for app profile, myTime.
  8. You will see that app category for myTime is now, Other.
    myTimeServiceProfile2



When the source port is configured as 2055 in an App Profile, then why is the App Profile matched and displayed as destination port in the report?
A bidirectional Service Profile matches either both source and destination fields or both destination and source fields of the flow. A unidirectional Service Profile matches either source or destination fields of the flow.



If a Service Profile is configured with source port set to 2055 and destination port set to 57268, then if the flow's destination port has 2055 and source port has 57268, then in a report, will this match the Service Profile name?
The Service Profile name matches both source and destination port or both destination and source port.



What would be the behavior when two Service Profiles, one unidirectional and one bidirectional, with the same source port configuration, which one takes precedence?
The bidirectional App Profile takes precedence.



Additional Examples
  1. A unidirectional App Profile specified at source IP - 10.1.1.1 and source port = 22, will match traffic in both directions using SSH for a specific server for that timespan.
  2. A unidirectional App Profile specified as source port = 22, will match traffic in both directions using SSH for that timespan.
  3. A bidirectional App Profile specified as source IP = 10.1.1.1 and source port = 22, destination IP = 10.1.1.10 and destination port = 57268, will match traffic in both directions using SSH in between a specific client and server for that timespan.
  4. There are other variations where source IP = * and source port = 22, destination IP = 10.1.1.20 and destination port = *, will match traffic in both directions using SSH from a specific client.