ExtremeAnalytics uses fingerprints to identify to which application a network traffic flow belongs. A fingerprint is a description of a pattern of network traffic which can be used to identify an application. ExtremeCloud IQ Site Engine provides thousands of system fingerprints with the ExtremeAnalytics feature. In addition, you can modify these fingerprints and create new custom fingerprints.
In order to add and modify fingerprints, you must be a member of an authorization group assigned the ExtremeCloud IQ Site Engine ExtremeAnalytics Read/Write Access capability.
Add a Fingerprint
Use the following steps to add a new custom fingerprint based on an existing flow in the Applications Flows view. You can also create a new fingerprint based on an application or application group, or on a destination address.
- Select Analytics > Application Flows view.
- Select the flow in the table that you want to base your new custom fingerprint on.
- Right-click on the flow and select the Fingerprints > Add Fingerprint option. The Add Fingerprint window opens.
- Use the drop-down list to select the flow components on which to base the fingerprint. The options vary depending on the fingerprint you initially selected.
- Port <port number> — Creates a fingerprint that identifies traffic either coming from or going to the specified port.
- Address <IP address> on port <port number> — Creates a fingerprint that identifies traffic either coming from or going to this IP address on the specified port.
- Address <IP address> with mask on port <port number> — Creates a fingerprint that identifies traffic either coming from or going to the specified subnet on the specified port. For example, an IP address of 192.168.0.0 with a mask of 16 would result in all traffic either coming from or going to the 192.168 subnet on the specified port to be identified by the fingerprint.
- Host <host name> — Creates a fingerprint that identifies a specific hostname in the URI of web traffic.
- HTTP Header — Creates a fingerprint that identifies traffic containing specified HTTP header information, if HTTP header information is included in the flow's metadata.
Note that there can be two port number or IP address options listed: one for the flow's source port/IP address and one for the flow's destination port/IP address.
- If you selected an IP address with mask option, you need to specify a subnet of IP addresses. Enter the IP CIDR mask, which is a mask on the flow IP, with 0-32 for IPv4 and 0-128 for IPv6.
- Enter the name of the application for which the fingerprint is defined.
- Use the drop-down list to select the application group to which the application belongs. If none of the existing groups are appropriate, you can enter a new group name and the new group is automatically created.
- Select the fingerprint's confidence level. The confidence level defines the reliability of this fingerprint. Higher confidence fingerprints override lower confidence fingerprints, if multiple fingerprints match a flow. Values are 1-100, with 100 being absolutely reliable.
- Enter a description of the fingerprint, if desired.
- Select Save. The new fingerprint is created on the ExtremeCloud IQ Site Engine server.
- Enforce to push the new fingerprint to your engines.
| TIP: | You can also create a custom fingerprint from the Fingerprints tab. Select the Menu icon and select Create Fingerprint. The Add Fingerprint window opens where you can select all the flow components you want for the fingerprint. The new fingerprint is not based on an existing fingerprint and you need to enter values for all required fields such as IP or Hostname, Application Name, and Application Group. The new fingerprint must be enforced to engines before it can take effect. |
For information on related help topics: